Bug 2074

Summary: Host key verification incorrectly handles IPv6 addresses
Product: Portable OpenSSH Reporter: Tomas Szaniszlo <tomaxuser>
Component: sshAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: minor CC: djm
Priority: P5 Keywords: needs-release-note
Version: 6.1p1   
Hardware: All   
OS: Linux   
Bug Depends on:    
Bug Blocks: 2266    
Attachments:
Description Flags
canonicalise hostnames that are actually addresses
none
Canonicalise addresses when CanonicaliseHostnames enabled none

Description Tomas Szaniszlo 2013-02-23 21:59:39 AEDT 
Host key verification does not handle different but equivalent notations of an IPv6 address as one. This affects but may be not limited to usage of ::.

Steps to reproduce:
1. ssh to ::1
2. confirm host key
3. cancel session
(3a. ssh to ::1 again to check that no verification is needed and host is known)
4. ssh to ::0:1
5. host key confirmation needed
6. cancel session
7. ssh to 0:0:0:0:0:0:0:1
8. host key confirmation needed
9. cancel session

Expected result is that in steps 5 and 8 no confirmation is required and ssh recognizes that the IP addresses are equivalent with the first one (per http://tools.ietf.org/html/rfc5952#section-4).

Suggested solution is to canonicalize IPv6 addressees when comparing them in host key verification.

This affects at least distribution 5.5p1 on Debian Squeeze and 6.1p1 built from source, but probably affects all OSes.
Comment 1 Damien Miller 2013-03-08 11:42:58 AEDT 
Created attachment 2226 [details]
canonicalise hostnames that are actually addresses

Host names passed on the commandline are treated as names first and addresses a distant second, which is why this doesn't behave the way you might expect. The host key lookup is incredibly fiddly, but generally prefers that you confirm a key that you maybe have seen before over accepting it. Furthermore, localhost is a special case again so it isn't the best address to test with.

That being said, the attached patch will attempt to canonicalise IP addresses that are passed on the commandline. I'm not entirely sure that we want this, but we are probably going to do some other sort of canonicalisation sooner or later anyway so it might be worthwhile then - I don't intend on committing it as-is.
Comment 2 Tomas Szaniszlo 2013-03-26 11:51:30 AEDT 
Sorry for the later response.

Regarding those localhost addresses, it was only an unfortunate obfuscation; I tested it with real 2001:: addresses.

Regarding the patch, I wanted to try it out but after inspection of sources for BSD tarball and Linux nightly snapshot, I couldn't find out to which sources should I apply that patch.

Maybe a question - could there be any disadvantages of doing this?
Comment 3 Damien Miller 2014-07-03 16:18:32 AEST 
Created attachment 2453 [details]
Canonicalise addresses when CanonicaliseHostnames enabled

This puts the address canonicalisation inside the recently-added hostname canonicalisation code.
Comment 4 Damien Miller 2015-04-17 15:06:56 AEST 
this was fixed in openssh-6.8
Comment 5 Damien Miller 2015-08-11 23:03:36 AEST 
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1