Bug 1200

Summary: sshd does not strip trailing dot from client hostname with HostbasedUsesNameFromPacketOnly
Product: Portable OpenSSH Reporter: Richard E. Silverman <res>
Component: sshdAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: normal CC: djm, dtucker
Priority: P2    
Version: 4.3p2   
Hardware: All   
OS: All   
Bug Depends on:    
Bug Blocks: 1452    
Attachments:
Description Flags
patch none

Description Richard E. Silverman 2006-06-24 02:46:36 AEST 
Normally during hostbased authentication, sshd strips any trailing dot from the hostname supplied by the client in the hostbased authentication request.  However, when HostbasedUsesNameFromPacketOnly is set, it does not.  This is bad for two reasons:

1) While one could interpret the option as saying that sshd should use the name verbatim, I believe this is not a useful interpretation.  Rather, the point of the option is to rely only on the client-supplied name, rather than checking the DNS and refusing authentication if the names do not match.  The question of what the name *is*, is a separate concern.  Since the hostnames in shosts.equiv, all ~/.shosts files, and the known-hosts file will not have trailing dots, hostbased will fail until all these files are updated.  Surely this is not the intention.

2) Even after fixing all the names, hostbased authentication still does not work, because the signed data in the authentication request includes the hostname: one side uses the dot, the other does not, and the signature is bad.
Comment 1 Richard E. Silverman 2006-06-24 02:48:14 AEST 
Created attachment 1150 [details]
patch

patch fixes the bug
Comment 2 Richard E. Silverman 2006-10-05 09:01:11 AEST 
*** Bug 1248 has been marked as a duplicate of this bug. ***
Comment 3 Damien Miller 2008-07-17 19:02:43 AEST 
patch applied - this will be in the openssh-5.1 release. Thanks!
Comment 4 Damien Miller 2008-07-22 12:08:34 AEST 
Mass update RESOLVED->CLOSED after release of openssh-5.1