Bug 3501

Summary: When checking key for IP address, key type is ignored in comparison
Product: Portable OpenSSH
Reporter: martin ➬ <bugzilla.mindrot.org>
Component: ssh
Assignee: Assigned to nobody <unassigned-bugs>
Status: NEW
Severity: normal
CC: kenyon
Priority: P5
Version: 9.1p1
Hardware: Other
OS: Linux

Description martin ➬ 2022-11-14 19:30:44 AEDT
I used ssh-keyscan to add all 3 keys of a remote host to my known_hosts file, like so (lines 1–3):

somehost.example.org,192.0.2.167,2001:db8::192.0.2.167 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBExREWxSdCmgdG0WUoziitLWMg5QdR3bNpS5i2ckTWX1VAX24vKggTJdXHU5pQDNIn1OsjMx2ez0TugcPsUIGG0=
somehost.example.org,192.0.2.167,2001:db8::192.0.2.167 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINExMfqczBvNAubVtOdimLP2UwrNwvx5nQstjW8VNs3x
somehost.example.org,192.0.2.167,2001:db8::192.0.2.167 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDD8joOCwmwpyLF+OEiD/UPW4dLYxjgH6ogNKWeqGnkWf2+DaqqZe9acay/Mka6x3c9GCMalC3v2KU6NgnuDAQaEVClDlAaxRMX3n5TY+7EYPV/+z2L/9q4xsJgqdYd2vpB9d7IC5iBmOvPI5FWg74423t1X/jXsLmNOQahznrQTfqDTBzSMbXfsOIVrahz5u4vnK6ZjpTFPLVCm+6BSHTzycEM9LWTD6t7X57GR+96bCAQsmuSHL8amV0V/cWhNH0vhjBp7DSOfHOUukmDdPZ/62dcCg6zHpKjDErp2Q8HJwK4vOkD/YQFzadgiTHVZed732b+EB1bS2MOWuapBx6R

Because of https://bugzilla.mindrot.org/show_bug.cgi?id=3500, when I connect to the remote host, SSH adds a line for the alternate IPv6 address to known_hosts (this is on line 101):

2001:db8::c000:02a7 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINExMfqczBvNAubVtOdimLP2UwrNwvx5nQstjW8VNs3x

Now, if for whatever reason, SSH tries to verify the host using the ECDSA key, it will fail to connect:

Warning: the ECDSA host key for 'somehost.example.org' differs from the key for the IP address '2001:db8::c000:02a7'
Offending key for IP in /var/lib/backuppc/.ssh/known_hosts:101
Matching host key in /var/lib/backuppc/.ssh/known_hosts:1
Exiting, you have requested strict checking.
Host key verification failed.

But it's comparing an ECDSA key used for the verification of the current session to an ED25519 key fingerprint stored in line 101, and that doesn't seem right.
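To make the described comparison concrete, the following is an added example, not OpenSSH's code and not something the reporter posted: a small known_hosts matcher that runs the host-key and IP-key consistency check once with the key type ignored for the IP lookup and once with the lookup restricted to the session's key type. The verdict names, the `ip_check_by_type` switch and the three-line known_hosts file (the reporter's lines 1 and 2 plus the entry ssh added for the alternate IPv6 address, here on line 3 instead of 101) are constructed for this example. It goes slightly beyond the report by also matching hashed `|1|salt|hash` entries; `[host]:port` patterns, wildcards and `@cert-authority`/`@revoked` markers are not handled.

```python
import base64
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional

# Key blobs copied from the report above (reporter's known_hosts lines 1 and 2).
ECDSA_KEY = "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBExREWxSdCmgdG0WUoziitLWMg5QdR3bNpS5i2ckTWX1VAX24vKggTJdXHU5pQDNIn1OsjMx2ez0TugcPsUIGG0="
ED25519_KEY = "AAAAC3NzaC1lZDI1NTE5AAAAINExMfqczBvNAubVtOdimLP2UwrNwvx5nQstjW8VNs3x"
HOSTS = "somehost.example.org,192.0.2.167,2001:db8::192.0.2.167"

# Constructed known_hosts file: line 3 stands in for the report's line 101.
KNOWN_HOSTS = f"""{HOSTS} ecdsa-sha2-nistp256 {ECDSA_KEY}
{HOSTS} ssh-ed25519 {ED25519_KEY}
2001:db8::c000:02a7 ssh-ed25519 {ED25519_KEY}
"""


@dataclass
class Entry:
    lineno: int
    patterns: List[str]   # comma-separated host/IP patterns, or one "|1|salt|hash" marker
    keytype: str
    key: str              # base64 key blob


@dataclass
class Verdict:
    status: str                          # host-new, host-changed, ip-new, ip-mismatch, ok
    matching_line: Optional[int] = None  # known_hosts line holding the matching host key
    offending_line: Optional[int] = None # known_hosts line whose IP key disagreed


def parse_known_hosts(text: str) -> List[Entry]:
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 3)      # hosts, keytype, key[, comment]
        if len(fields) < 3:
            continue                      # malformed line: skip it
        entries.append(Entry(lineno, fields[0].split(","), fields[1], fields[2]))
    return entries


def hash_pattern(name: str, salt: bytes) -> str:
    """Build a hashed known_hosts pattern: |1|base64(salt)|base64(HMAC-SHA1(salt, name))."""
    digest = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())


def hostname_matches(patterns: List[str], name: str) -> bool:
    for pattern in patterns:
        if pattern.startswith("|1|"):
            _, _, salt_b64, hash_b64 = pattern.split("|")
            salt = base64.b64decode(salt_b64)
            digest = hmac.new(salt, name.encode(), hashlib.sha1).digest()
            if hmac.compare_digest(digest, base64.b64decode(hash_b64)):
                return True
        elif pattern == name:
            return True
    return False


def find_entries(entries: List[Entry], name: str, keytype: Optional[str]) -> List[Entry]:
    """Entries whose pattern list matches name; keytype=None means 'any key type'."""
    return [e for e in entries
            if (keytype is None or e.keytype == keytype) and hostname_matches(e.patterns, name)]


def check_host_and_ip(entries: List[Entry], hostname: str, ip: str,
                      session_keytype: str, session_key: str,
                      ip_check_by_type: bool = True) -> Verdict:
    """Model of the host-vs-IP consistency check (a constructed model, not OpenSSH's logic)."""
    # Host lookup: only keys of the session's type are candidates.
    host_candidates = find_entries(entries, hostname, session_keytype)
    host_match = next((e for e in host_candidates if e.key == session_key), None)
    if host_match is None:
        return Verdict("host-new" if not host_candidates else "host-changed")
    # IP lookup: the switch decides whether the key type restricts the candidates.
    ip_candidates = find_entries(entries, ip, session_keytype if ip_check_by_type else None)
    if not ip_candidates:
        return Verdict("ip-new", host_match.lineno)          # nothing known for this IP yet
    if any(e.key == session_key for e in ip_candidates):
        return Verdict("ok", host_match.lineno)
    return Verdict("ip-mismatch", host_match.lineno, ip_candidates[0].lineno)


if __name__ == "__main__":
    known = parse_known_hosts(KNOWN_HOSTS)
    for by_type in (False, True):
        verdict = check_host_and_ip(known, "somehost.example.org", "2001:db8::c000:02a7",
                                    "ecdsa-sha2-nistp256", ECDSA_KEY, ip_check_by_type=by_type)
        print(f"ip_check_by_type={by_type}: {verdict}")
```

With the type ignored, an ECDSA session finds the Ed25519 entry for the IPv6 address and reports a mismatch between line 3 (line 101 in the report) and line 1; with the lookup restricted to the session's key type, the IP simply has no ECDSA key on file yet, which is the case where ssh would add one rather than refuse to connect.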
Comment 1 Kenyon Ralph 2023-01-04 09:02:54 AEDT
I believe this is the same bug as what's described here but with rsa and ecdsa: https://superuser.com/a/1527572/22598