Bug 2747 - Different notations for the same IP-address result in multiple entries in known_hosts
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 7.5p1
Hardware: All All
Importance: P5 minor
Assignee: Assigned to nobody
Reported: 2017-07-25 01:51 AEST by Mikhail T.
Modified: 2018-10-19 17:17 AEDT

Description Mikhail T. 2017-07-25 01:51:32 AEST
When checking the known_hosts-database for an IP-address, the client is not attempting to normalize the IP. For example, connecting to the following destinations in sequence:

 * 10.10.220.46
 * 168483886
 * 0xa0adc2e
 * 0x0a0adc2e
 * 0x00a0adc2e
 * 0x000a0adc2e

triggers the "are you sure?" warning each time -- and a separate line in the ~/.ssh/known_hosts for each -- with the same host-key, of course.

To solve this, OpenSSH developers need to agree on the "canonical" representation for IPv4 (and IPv6!) addresses. Then the client-side needs to be modified to:

 1. When looking up the host in the list, look for the canonical
    representation first. If no entry is found, look for the few
    other possible representations and, if found, quietly convert/merge
    such entry(ies) into canonical.
 2. When adding a new entry, always add it in the canonical form
    regardless of the command-line.

Comment 1 Mikhail T. 2017-07-25 01:54:55 AEST
There is, actually, a security implication to this bug -- a MITM attack may be made possible by sending the user to the host identified by the same IP-address in a different notation.

Instead of a "the host's key has changed" *error*, they'll get a "would you like to add this key" *warning*...
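
The lookup behaviour discussed in the description and Comment 1, as an added example (not OpenSSH's code and not part of the original report): it rewrites each notation as dotted-quad with inet_aton()/inet_ntop() and compares a lookup on the string as typed with a lookup on the canonical form. The in-memory table and the KEY-A/KEY-B labels are constructed, and using inet_aton() as the parser is an assumption.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes inet_aton() under strict -std modes */
#endif
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for known_hosts: host string -> key label. */
struct entry { const char *host; const char *key; };
static const struct entry known[] = { { "10.10.220.46", "KEY-A" } };

enum verdict { HOST_OK, HOST_NEW, HOST_CHANGED };

/* Rewrite any IPv4 notation accepted by inet_aton() as dotted-quad.
 * Returns 0 on success, -1 if `in` is not an IPv4 literal. */
int canon_ipv4(const char *in, char *out, size_t len)
{
    struct in_addr a;
    if (inet_aton(in, &a) == 0)
        return -1;
    return inet_ntop(AF_INET, &a, out, (socklen_t)len) ? 0 : -1;
}

/* Look `host` up as typed (canonicalise == 0) or after normalisation. */
enum verdict check_host(const char *host, const char *key, int canonicalise)
{
    char buf[INET_ADDRSTRLEN];
    if (canonicalise && canon_ipv4(host, buf, sizeof buf) == 0)
        host = buf;
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (strcmp(known[i].host, host) == 0)
            return strcmp(known[i].key, key) == 0 ? HOST_OK : HOST_CHANGED;
    return HOST_NEW;
}

int main(void)
{
    /* The six notations from the report; the server presents a key that
     * differs from the stored one (KEY-B instead of KEY-A). */
    const char *forms[] = { "10.10.220.46", "168483886", "0xa0adc2e",
                            "0x0a0adc2e", "0x00a0adc2e", "0x000a0adc2e" };
    const char *names[] = { "ok", "new", "changed" };
    for (size_t i = 0; i < sizeof forms / sizeof forms[0]; i++)
        printf("%-14s literal=%-8s canonical=%s\n", forms[i],
               names[check_host(forms[i], "KEY-B", 0)],
               names[check_host(forms[i], "KEY-B", 1)]);
    return 0;
}
```

With the literal lookup only the dotted-quad form reports a changed key and the other five are treated as new hosts; with the canonicalised lookup all six report a changed key.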

Comment 2 Damien Miller 2018-05-25 13:34:03 AEST
This was fixed in openssh-7.7. Addresses are now canonicalised by default.

Comment 3 Damien Miller 2018-10-19 17:17:24 AEDT
Close RESOLVED bugs with the release of openssh-8.0