Bug 1248 - bug with HostbasedUsesNameFromPacketOnly
Status: CLOSED DUPLICATE of bug 1200
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 4.4p1
Hardware: All All
Importance: P2 normal
Assignee: Assigned to nobody
Reported: 2006-10-05 07:54 AEST by Richard E. Silverman
Modified: 2006-10-07 11:46 AEST
Attachments
proposed patch (855 bytes, patch)
2006-10-05 08:53 AEST, Richard E. Silverman

Description Richard E. Silverman 2006-10-05 07:54:28 AEST
The server-side hostbased authentication logic strips any trailing dot from the hostname supplied in the authentication request, which makes sense because no one will enter hostnames with trailing dots in their known-hosts lists.

The option HostbasedUsesNameFromPacketOnly has sshd skip checking the reverse-lookup name of the client IP address against the client-supplied hostname.  However, the current code also skips removing the trailing dot, the result of which is that hostbased authentication fails completely, unless you go and add dots to all your hostnames in the known-hosts file.

I am including a patch to fix this behavior.
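
The behaviour described in this report, as an added C model (it is not the attached patch and not OpenSSH source code). The function names, the `strip_always` switch, the host names, and the choice to reject on a reverse-lookup mismatch are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed known-hosts names, entered without trailing dots. */
static const char *known_hosts[] = { "client.example.com", "build.example.com" };

static int host_is_known(const char *name)
{
    for (size_t i = 0; i < sizeof(known_hosts) / sizeof(known_hosts[0]); i++)
        if (strcasecmp(known_hosts[i], name) == 0)
            return 1;
    return 0;
}

/* Remove one trailing dot in place: "host.example.com." -> "host.example.com" */
static void strip_trailing_dot(char *host)
{
    size_t len = strlen(host);
    if (len > 0 && host[len - 1] == '.')
        host[len - 1] = '\0';
}

/*
 * Hypothetical model of choosing the known-hosts lookup name.
 * packet_host: name sent in the authentication request.
 * resolved:    reverse-lookup name of the client IP address.
 * strip_always = 0 models the reported behaviour, 1 the requested one.
 * Returns 1 if the chosen name is found in known_hosts, else 0.
 */
int hostbased_lookup(const char *packet_host, const char *resolved,
                     int name_from_packet_only, int strip_always)
{
    char chost[256];
    snprintf(chost, sizeof(chost), "%s", packet_host);
    if (strip_always || !name_from_packet_only)
        strip_trailing_dot(chost);
    if (name_from_packet_only)
        return host_is_known(chost);      /* reverse-lookup check skipped */
    if (strcasecmp(resolved, chost) != 0) /* this model rejects a mismatch */
        return 0;
    return host_is_known(resolved);
}

int main(void)
{
    const char *sent = "client.example.com.", *rev = "client.example.com";
    printf("option off:             %d\n", hostbased_lookup(sent, rev, 0, 0));
    printf("option on, as reported: %d\n", hostbased_lookup(sent, rev, 1, 0));
    printf("option on, dot removed: %d\n", hostbased_lookup(sent, rev, 1, 1));
    return 0;
}
```
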
Comment 1 Richard E. Silverman 2006-10-05 08:53:09 AEST
Created attachment 1198
proposed patch
Comment 2 Richard E. Silverman 2006-10-05 08:54:50 AEST
adding cc: myself
Comment 3 Richard E. Silverman 2006-10-05 09:01:11 AEST
Hm.  Completely forgot that I had already submitted this a few months ago.

*** This bug has been marked as a duplicate of bug 1200 ***
Comment 4 Darren Tucker 2006-10-07 11:46:01 AEST
Change all RESOLVED bugs to CLOSED with the exception of the ones fixed post-4.4.