Host key verification does not handle different but equivalent notations of an IPv6 address as one. This affects, but may not be limited to, usage of ::.

Steps to reproduce:
1. ssh to ::1
2. confirm host key
3. cancel session (3a. ssh to ::1 again to check that no verification is needed and the host is known)
4. ssh to ::0:1
5. host key confirmation needed
6. cancel session
7. ssh to 0:0:0:0:0:0:0:1
8. host key confirmation needed
9. cancel session

Expected result is that in steps 5 and 8 no confirmation is required and ssh recognizes that the IP addresses are equivalent to the first one (per http://tools.ietf.org/html/rfc5952#section-4). Suggested solution is to canonicalize IPv6 addresses when comparing them in host key verification. This affects at least distribution 5.5p1 on Debian Squeeze and 6.1p1 built from source, but probably affects all OSes.
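The comparison the report asks for, as an added example that is not OpenSSH code: canonicalise address literals with Python's ipaddress module (whose text form follows RFC 5952 section 4) before looking them up in a constructed known_hosts-style table, so the three spellings of the loopback address above resolve to the same entry. The table contents and fingerprint are constructed placeholders.

```python
import ipaddress

# Constructed known_hosts-style table: host string exactly as the user typed it
# when the key was first confirmed -> fingerprint (placeholder value).
KNOWN_HOSTS = {"::1": "SHA256:CONSTRUCTED-PLACEHOLDER-FINGERPRINT"}


def canonical_host(host: str) -> str:
    """Return the RFC 5952 form of an IPv6 literal (brackets stripped, lowercase,
    longest zero run collapsed to '::'), the normalised form of an IPv4 literal,
    or the string unchanged when it is a hostname rather than an address."""
    literal = host[1:-1] if host.startswith("[") and host.endswith("]") else host
    try:
        addr = ipaddress.ip_address(literal)
    except ValueError:
        return host  # not an address literal: leave hostnames alone
    return str(addr)  # ipaddress emits the RFC 5952 compressed representation


def lookup_naive(host: str):
    """Behaviour the report describes: textual match only, so '::0:1' misses."""
    return KNOWN_HOSTS.get(host)


def lookup_canonical(host: str):
    """Suggested behaviour: compare canonical forms on both sides of the lookup."""
    table = {canonical_host(h): fp for h, fp in KNOWN_HOSTS.items()}
    return table.get(canonical_host(host))


if __name__ == "__main__":
    for spelling in ("::1", "::0:1", "0:0:0:0:0:0:0:1", "[::1]"):
        print(f"{spelling:18} naive={lookup_naive(spelling) is not None!s:5} "
              f"canonical={lookup_canonical(spelling) is not None}")
```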
Created attachment 2226: canonicalise hostnames that are actually addresses. Host names passed on the commandline are treated as names first and addresses a distant second, which is why this doesn't behave the way you might expect. The host key lookup is incredibly fiddly, but generally prefers that you confirm a key that you maybe have seen before over accepting it. Furthermore, localhost is a special case again so it isn't the best address to test with. That being said, the attached patch will attempt to canonicalise IP addresses that are passed on the commandline. I'm not entirely sure that we want this, but we are probably going to do some other sort of canonicalisation sooner or later anyway so it might be worthwhile then - I don't intend on committing it as-is.
Sorry for the late response. Regarding those localhost addresses, it was only an unfortunate obfuscation; I tested it with real 2001:: addresses. Regarding the patch, I wanted to try it out, but after inspection of the sources for the BSD tarball and the Linux nightly snapshot, I couldn't find out to which sources I should apply that patch. Maybe a question - could there be any disadvantages of doing this?
Created attachment 2453: Canonicalise addresses when CanonicaliseHostnames enabled. This puts the address canonicalisation inside the recently-added hostname canonicalisation code.
This was fixed in openssh-6.8.
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1