
Openssh, automatically adds IP to known_hosts when it shouldn't?

From: William Stearns <wstearns(at)pobox.com>
Date: Mon Mar 24 2003 - 10:31:29 EST


Good day, all,

        I'm using OpenSSH 3.3p1 as a client. I have a server which has ssh listening on port 22, and port 22222 is forwarded off to another ssh server sitting behind it.

        The correct host keys are in known_hosts with the names gateway and hiddenbox.

        With this in ~/.ssh/config:

Host gateway
        Hostname                gateway.mydomain.com
        Port                    22
        HostKeyAlias            gateway
Host hiddenbox
        Hostname                gateway.mydomain.com
        Port                    22222
        HostKeyAlias            hiddenbox

whichever system I connect to first adds its key to ~/.ssh/known_hosts under the IP address 12.13.14.15. When I try to connect to the other, I get a key mismatch for the IP address and the connection fails.

        If I simply change the Hostname line to use the IP address of that host instead of the dns hostname:

Host gateway
        Hostname                12.13.14.15
        Port                    22
        HostKeyAlias            gateway
Host hiddenbox
        Hostname                12.13.14.15
        Port                    22222
        HostKeyAlias            hiddenbox

I can connect to both successfully; neither connection tries to add the IP address to known_hosts.

        Since I've forced the HostKeyAlias, it _seems_ as if adding the "IP hostkey" pair to known_hosts might not be the correct thing to do. Is this a bug or a feature?
        Cheers,
        - Bill

---------------------------------------------------------------------------
        "Once you have pulled the pin from Mr. Grenade, he is no longer your friend."
(Courtesy of Michael J. Fromberger <sting@linguist.thayer.dartmouth.edu>)

William Stearns (wstearns@pobox.com). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
Linux articles at: http://www.opensourcedigest.com
--------------------------------------------------------------------------
Received on Mon Mar 24 12:26:15 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:55 EDT
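
An added example, not part of the original post: a small checker for the situation described above, where two Host blocks share a DNS Hostname but carry different HostKeyAlias values. It assumes the per-IP known_hosts entries come from ssh_config's CheckHostIP option (treated as enabled by default, as an assumption for this client version); the function names and sample config are constructed, and Match blocks and wildcard patterns are not handled.

```python
import ipaddress
from collections import defaultdict

# Constructed sample mirroring the first config in the post.
SAMPLE_CONFIG = """\
Host gateway
        Hostname                gateway.mydomain.com
        Port                    22
        HostKeyAlias            gateway
Host hiddenbox
        Hostname                gateway.mydomain.com
        Port                    22222
        HostKeyAlias            hiddenbox
"""

def parse_hosts(text):
    """Return (global options, {Host pattern: options}); keywords lowercased."""
    globals_, hosts = {}, {}
    current = globals_  # options before the first Host line apply to all hosts
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            current = hosts.setdefault(value, {})
        else:
            current.setdefault(key, value)  # first value obtained wins
    return globals_, hosts

def is_ip_literal(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def ip_key_conflicts(text, default_check_host_ip="yes"):
    """Map each shared DNS Hostname to the Host entries that would pin
    different keys (different HostKeyAlias names) to the same IP address."""
    globals_, hosts = parse_hosts(text)
    groups = defaultdict(dict)
    for name, block in hosts.items():
        opts = {**block, **globals_}  # earlier (global) values take precedence
        target = opts.get("hostname", name).lower()
        checks_ip = opts.get("checkhostip", default_check_host_ip).lower() == "yes"
        # The post reports no separate IP entry when Hostname is already an IP.
        if checks_ip and not is_ip_literal(target):
            groups[target][name] = opts.get("hostkeyalias", target)
    return {t: sorted(m) for t, m in groups.items() if len(set(m.values())) > 1}

if __name__ == "__main__":
    print(ip_key_conflicts(SAMPLE_CONFIG))
```

Entries it reports are candidates for a per-Host `CheckHostIP no`; the key stored under the HostKeyAlias name is still checked on every connection.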
