Bug 1476 - .ssh/known_hosts does not save port number
Status: CLOSED WORKSFORME
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 5.0p1
Hardware: All Linux
Importance: P2 minor
Assignee: Assigned to nobody
Reported: 2008-06-12 23:50 AEST by parasietje
Modified: 2008-07-22 12:24 AEST
Description parasietje 2008-06-12 23:50:34 AEST
Problem: .ssh/known_hosts does not save the port number, only the IP/hostname. Thus, multiple ssh-servers on the same IP will cause key collisions.

Recreate:
Run sshd1 with certificate1 on port 2221
Run sshd2 with certificate2 on port 2222
Connect to localhost, port 2221.
    The server certificate is added to .ssh/known_hosts
Connect to localhost, port 2222
    Ssh reports REMOTE HOST KEY CHANGED

Expected behavior:
Ssh distinguishes between the ssh-server on port 2221 and the one on port 2222.


Known workaround:
Use HostKeyAlias to define an alias for the host on port 2221, and for the host on port 2222.


It would be a lot better if the port number were included in the .ssh/known_hosts as well.
Comment 1 Darren Tucker 2008-06-13 03:16:00 AEST
That's odd, because that's been there for a while.  What exact version are you using (i.e. what does ssh -V say?)

Using a server with a different key on port 2222 on "myserver" with a 5.0p1 client, I get:

$ ssh -o userknownhostsfile=/tmp/known myserver
The authenticity of host '[myserver]:2222 ([192.168.32.1]:2222)' can't be established.
[...]

and /tmp/known contains:

[myserver]:2222,[192.168.32.1]:2222 ssh-rsa AAAAB3Nz[...]

Be aware that using the default port does not add a port number, and if a matching host key is found without a port then it is used even if you're connecting on a nonstandard port (this is for backward compatibility).
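
Added example (not part of the original bug thread and not OpenSSH code): a small Python model of the known_hosts naming and lookup described in comment 1, useful for auditing which entry a given host and port would be checked against. The lookup order (exact `[host]:port` first, then the port-less entry) and the placeholder key strings are assumptions.

```python
# Added example: models the known_hosts matching described in comment 1.
# Not OpenSSH code; hashed (|1|...) and wildcard/negated patterns are not handled.
DEFAULT_PORT = 22

def host_token(host, port):
    """Name as written to known_hosts: bare on port 22, else [host]:port."""
    return host if port == DEFAULT_PORT else f"[{host}]:{port}"

def parse_known_hosts(text):
    """Yield (set_of_host_tokens, keytype, key) for each plain entry."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("|", "@")):
            continue  # hashed or marker lines: out of scope here
        yield set(fields[0].split(",")), fields[1], fields[2]

def lookup(text, host, port):
    """Return (key, how); how is 'exact', 'portless-fallback' or None."""
    entries = list(parse_known_hosts(text))
    wanted = host_token(host, port)
    for names, _keytype, key in entries:
        if wanted in names:
            return key, "exact"
    if port != DEFAULT_PORT:
        # Backward-compatibility rule from comment 1: a port-less entry is
        # also used on a nonstandard port (trying it second is an assumption).
        for names, _keytype, key in entries:
            if host in names:
                return key, "portless-fallback"
    return None, None

# Constructed sample file; the key fields are placeholders, not real keys.
SAMPLE = """\
[myserver]:2222,[192.168.32.1]:2222 ssh-rsa KEY_A_PLACEHOLDER
myserver ssh-rsa KEY_B_PLACEHOLDER
"""

if __name__ == "__main__":
    for port in (22, 2222, 2221):
        print(port, lookup(SAMPLE, "myserver", port))
```

With the sample file, port 2221 has no entry of its own and resolves to the port-less `myserver` key, which is the case to look for when several sshd instances share one address.
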
Comment 2 parasietje 2008-06-13 10:03:56 AEST
I did not use the latest version. Terrible apologies for wasting your time!
Comment 3 Damien Miller 2008-07-22 12:24:56 AEST
Mass update RESOLVED->CLOSED after release of openssh-5.1