I'm trying to connect through veth to link-local address. However ssh tries to resolve it:

% ssh 'fe80::1' -v -v -v -S none
OpenSSH_7.5p1-hpn14v12lpk, OpenSSL 1.0.2l 25 May 2017
debug1: Reading configuration data /home/mpiechotka/.ssh/config
debug1: /home/mpiechotka/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "fe80::1" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to fe80::1 [fe80::1] port 22.
debug1: connect to address fe80::1 port 22: Invalid argument
ssh: connect to host fe80::1 port 22: Invalid argument

% ssh 'fe80::1%xe-<NAME>' -v -v -v -S none
OpenSSH_7.5p1-hpn14v12lpk, OpenSSL 1.0.2l 25 May 2017
debug1: Reading configuration data /home/mpiechotka/.ssh/config
debug1: /home/mpiechotka/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "fe80::1%xe-<NAME>" port 22
ssh: Could not resolve hostname fe80::1%xe-<NAME>: Name or service not known
(In reply to Maciej Piechotka from comment #0)
> OpenSSH_7.5p1-hpn14v12lpk

That is a set of third party modifications that is not supported by the openssh team. Can you reproduce the problem with the stock code from openssh.com?
(In reply to Maciej Piechotka from comment #0)
> I'm trying to connect through veth to link-local address. However
> ssh tries to resolve it:
>
> % ssh 'fe80::1' -v -v -v -S none

This link-local address is missing its interface scope

> OpenSSH_7.5p1-hpn14v12lpk, OpenSSL 1.0.2l 25 May 2017

This isn't what we ship - it contains vendor patches. Please try to reproduce your problems with unpatched OpenSSH, or report the problems to your vendor.

> % ssh 'fe80::1%xe-<NAME>' -v -v -v -S none

I don't know what this syntax is for specifying the interface scope, but plain interface names work fine:

[djm@argon ~]$ ssh fe80::744b:fff:d37:8a4a%em1
The authenticity of host 'fe80::744b:fff:d37:8a4a%em1 (fe80::744b:fff:d37:8a4a%em1)' can't be established.

Perhaps your libc getaddrinfo(3) doesn't know about your interface naming scheme?
(In reply to Damien Miller from comment #2)
> (In reply to Maciej Piechotka from comment #0)
> > I'm trying to connect through veth to link-local address. However
> > ssh tries to resolve it:
> >
> > % ssh 'fe80::1' -v -v -v -S none
>
> This link-local address is missing its interface scope
>

Yes, I was just showing for completeness that IPv6 is working.

> > OpenSSH_7.5p1-hpn14v12lpk, OpenSSL 1.0.2l 25 May 2017
>
> This isn't what we ship - it contains vendor patches. Please try to
> reproduce your problems with unpatched OpenSSH, or report the
> problems to your vendor.
>
> > % ssh 'fe80::1%xe-<NAME>' -v -v -v -S none
>
> I don't know what this syntax is for specifying the interface scope,
> but plain interface names work fine:
>

xe-<NAME> is the name of the interface. Edit: I can connect without upper case letter in interface name.

> [djm@argon ~]$ ssh fe80::744b:fff:d37:8a4a%em1
> The authenticity of host 'fe80::744b:fff:d37:8a4a%em1
> (fe80::744b:fff:d37:8a4a%em1)' can't be established.
>
> Perhaps your libc getaddrinfo(3) doesn't know about your interface
> naming scheme?

It works with ping so I find it unlikely. Is ssh trying to normalize address by converting all upper case letters to lower case?
> > [djm@argon ~]$ ssh fe80::744b:fff:d37:8a4a%em1
> > The authenticity of host 'fe80::744b:fff:d37:8a4a%em1
> > (fe80::744b:fff:d37:8a4a%em1)' can't be established.
> >
> > Perhaps your libc getaddrinfo(3) doesn't know about your interface
> > naming scheme?
>
> It works with ping so I find it unlikely. Is ssh trying to normalize
> address by converting all upper case letters to lower case?

I confirmed by gdb that getaddrinfo is called with lower case which is called by resolve_host. I think the guilty line is (I used git master):

1021: lowercase(host);
Ping. I don't know why the line is there so I'm unable to send a patch fixing it but it shouldn't be hard to fix. I'm not sure about OpenBSD but it seems to be broken on any system where interfaces are case-sensitive.
Created attachment 3068
don't lowercase hostnames that look like addresses
Comment on attachment 3068
don't lowercase hostnames that look like addresses

>+ memset(&hints, 0, sizeof(hints));

maybe bzero?

>+ if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0)

gaierr is never used.

otherwise ok.
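Review bot: on the quoted getaddrinfo() line, gaierr receives the error code but nothing reads it afterwards, so a scoped address that fails to parse leaves no trace of why. Either test the call directly without the assignment, or pass gaierr to ssh_gai_strerror() in a debug message so the failure reason shows up in -v output.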
Created attachment 3086
don't lowercase but explicitly canonicalise address

I just realised that the previous patch will cause problems for people who have learned hostkeys for IPv6 addresses and then subsequently attempt to connect to them but using upper-case addresses, e.g.

ssh FE80::1%lo0

This skips the lowercasing for addresses but still sends them through a getaddrinfo()/getnameinfo() wash to render them in canonical form. This should preserve uppercase interface scopes (modulo bugs in libc).

It also aborts hostname canonicalisation for address-like strings that don't parse as addresses, such as addresses with unrecognised interface scoping.

BTW, Darren - someone replaced all the bzero() calls with memset() in OpenSSH a while back. I complained at the time, but I don't want to be the guy who adds the first one back in :/
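The getaddrinfo()/getnameinfo() wash described in the comment above, as an added example and not the code from attachment 3086 or from OpenSSH. The helper name `canonical_addr`, the `ADDR_BUF` size and the sample inputs are assumptions made for illustration.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#define ADDR_BUF 1025	/* room for any numeric host string */
/*
 * canonical_addr() is a hypothetical helper, not OpenSSH's function.
 * Returns 0 and the canonical text form in `out` when `name` is a numeric
 * address; returns -1 for hostnames and unrecognised interface scopes.
 */
int
canonical_addr(const char *name, char *out, size_t outlen)
{
	struct addrinfo hints, *res = NULL;
	int r;

	if (out == NULL || outlen == 0)
		return -1;
	out[0] = '\0';
	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_UNSPEC;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_flags = AI_NUMERICHOST;	/* parse literals only, no DNS */
	if (getaddrinfo(name, NULL, &hints, &res) != 0 || res == NULL)
		return -1;
	/* Render the parsed sockaddr back as text (scope id included) */
	r = getnameinfo(res->ai_addr, res->ai_addrlen, out, outlen,
	    NULL, 0, NI_NUMERICHOST);
	freeaddrinfo(res);
	if (r != 0)
		out[0] = '\0';
	return r == 0 ? 0 : -1;
}

int
main(void)
{
	/* Constructed sample inputs */
	const char *in[] = { "2001:DB8::0001", "FE80::1", "192.0.2.1",
	    "example.com", "fe80::1%NoSuchIf0" };
	char buf[ADDR_BUF];
	size_t i;
	for (i = 0; i < sizeof(in) / sizeof(in[0]); i++)
		printf("%-18s -> %s\n", in[i], canonical_addr(in[i], buf,
		    sizeof(buf)) == 0 ? buf : "(not a usable address)");
	return 0;
}
```

A scoped input such as `FE80::1%lo0` only parses on a host where that interface exists, which is why the samples use an unscoped address and a deliberately unknown scope.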
Fix committed, this will be in OpenSSH 7.7
Close all resolved bugs after release of OpenSSH 7.7.