Bug 523

Summary: ssh saves only host/ip information in known_hosts while port information is missing
Product: Portable OpenSSH
Reporter: Arkadiusz Miskiewicz <misiek>
Component: ssh
Assignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED DUPLICATE    
Severity: enhancement    
Priority: P2    
Version: -current   
Hardware: Other   
OS: All   

Description Arkadiusz Miskiewicz 2003-03-27 20:34:02 AEDT
ssh saves only host/ip information in known_hosts while port information is missing. 
 
When using masquerade I often use destination NAT (DNAT) under Linux to allow
connections from the Internet to hosts behind masquerade like this:
iptables -A PREROUTING -t nat -p tcp -d 12.12.12.12 --dport 11022 -j DNAT --to 172.16.100.4:22

That works very well, but ssh doesn't save information about the port, and then
when connecting to 12.12.12.12 port 22 or port 11022 (different sshd's):
 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @ 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
The RSA host key for some.host.pl has changed, 
and the key for the according IP address 12.12.12.12 
has a different value. This could either mean that 
DNS SPOOFING is happening or the IP address for the host 
and its host key have changed at the same time. 
Offending key for IP in /home/users/misiek/.ssh/known_hosts:79 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @ 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! 
Someone could be eavesdropping on you right now (man-in-the-middle attack)! 
It is also possible that the RSA host key has just been changed. 
The fingerprint for the RSA key sent by the remote host is 
a6:64:aa:6c:da:af:b5:be:99:d3:fc:21:0b:84:47:7a. 
Please contact your system administrator. 
Add correct host key in /home/users/misiek/.ssh/known_hosts to get rid of this 
message. 
 
That message is of course not correct, since there are two different sshds (on different
machines) using the same IP.

I think that the solution would be to add port number information to known_hosts when it's
different from the default one (22). That maybe won't break compatibility with other ssh
software and will avoid problems like mine. Is that proposition ok with you? (then
I'll think about preparing a patch :)
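The following is an added example, not code from the bug report or from OpenSSH, that illustrates the reporter's proposal: a small known_hosts matcher in which entries for non-default ports are written as `[host]:port` (the form OpenSSH itself later adopted for this case), with a `port_aware` switch to reproduce the port-blind lookup the report describes. The known_hosts content and the key blobs are constructed sample data; the two entries stand for the sshd on port 22 and the one reached through the DNAT rule on port 11022.

```python
import re

# Constructed sample known_hosts content (not from the bug report): the two
# sshd instances reachable through the same public IP, one on the default
# port and one behind the DNAT rule on port 11022. Key blobs are placeholders.
SAMPLE_KNOWN_HOSTS = """\
# bare host names bind to the default port 22 only
some.host.pl,12.12.12.12 ssh-rsa AAAAexampleKeyOne
# bracketed form binds a key to one specific port
[12.12.12.12]:11022 ssh-rsa AAAAexampleKeyTwo
"""


def parse_known_hosts(text):
    """Return a list of (host_patterns, keytype, keydata) for each entry line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue  # malformed line; skip rather than guess
        hosts, keytype, keydata = parts
        entries.append((hosts.split(","), keytype, keydata))
    return entries


def pattern_matches(pattern, host, port, port_aware=True):
    """Match one host pattern against host:port.

    '[host]:port' binds to that port only; a bare host name stands for
    port 22. With port_aware=False the port is ignored entirely, which is
    the behaviour the bug report complains about.
    """
    m = re.fullmatch(r"\[(.+)\]:(\d+)", pattern)
    if m:
        phost, pport = m.group(1), int(m.group(2))
    else:
        phost, pport = pattern, 22
    if phost != host:
        return False
    return pport == port if port_aware else True


def lookup_host_key(entries, host, port=22, port_aware=True):
    """Return the (keytype, keydata) stored for host:port, or None."""
    for patterns, keytype, keydata in entries:
        if any(pattern_matches(p, host, port, port_aware) for p in patterns):
            return (keytype, keydata)
    return None


def check_host_key(entries, host, port, keytype, keydata, port_aware=True):
    """Classify the key a server presents: 'new' (nothing stored yet),
    'ok' (matches the stored key) or 'changed' (a different key is stored,
    the case that produces the HOST IDENTIFICATION HAS CHANGED warning)."""
    stored = lookup_host_key(entries, host, port, port_aware)
    if stored is None:
        return "new"
    return "ok" if stored == (keytype, keydata) else "changed"


if __name__ == "__main__":
    entries = parse_known_hosts(SAMPLE_KNOWN_HOSTS)
    # Port-aware lookups keep the two sshds apart.
    print(check_host_key(entries, "12.12.12.12", 22, "ssh-rsa", "AAAAexampleKeyOne"))
    print(check_host_key(entries, "12.12.12.12", 11022, "ssh-rsa", "AAAAexampleKeyTwo"))
    # A port-blind lookup returns the port-22 key for the 11022 connection
    # and therefore reports a (false) key change.
    print(check_host_key(entries, "12.12.12.12", 11022, "ssh-rsa",
                         "AAAAexampleKeyTwo", port_aware=False))
```

With `port_aware=True` the connection to port 11022 is checked against its own entry and the port-22 entry is never consulted, so neither sshd's key is reported as "changed"; with `port_aware=False` the first entry for `12.12.12.12` wins for both ports, which is exactly the collision that produced the warning quoted above.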
Comment 1 Damien Miller 2003-03-27 21:35:42 AEDT
Please check existing bug reports

*** This bug has been marked as a duplicate of 454 ***
Comment 2 Damien Miller 2004-04-14 12:24:18 AEST
Mass change of RESOLVED bugs to CLOSED