Bug 3235 - pubkey auth with dns name in from= filter in authorized keys not working on ip6-only hosts from dual-stack hosts
Status: CLOSED INVALID
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 8.0p1
Hardware: amd64 Linux
Importance: P5 minor
Assignee: Assigned to nobody
Reported: 2020-11-21 01:00 AEDT by Max Langbein
Modified: 2021-03-04 09:52 AEDT

Attachments
example settings (973 bytes, text/plain)
2020-11-21 01:00 AEDT, Max Langbein

Description Max Langbein 2020-11-21 01:00:24 AEDT
Created attachment 3456
example settings

In case the host is ip6 only, and the originating host has ip6+ip4, with the dns entry containing the ip4 address before the ip6 address, no match is recognized, and public-key authentication fails.

It may be a general problem with multi-address dns entries, where only the first one is used to compare with the connecting ip.
Comment 1 Damien Miller 2020-11-23 10:10:48 AEDT
Does the ssh server in this case have UseDNS enabled? It's not on by default.
Comment 2 Max Langbein 2020-11-24 04:37:09 AEDT
You are right. Sorry for wasting your time; however, you helped me find my bug, so thank you very much :-)
Comment 3 Damien Miller 2021-03-04 09:52:22 AEDT
close bugs that were resolved in OpenSSH 8.5 release cycle
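
Added example (not part of the bug thread and not OpenSSH code): a check for the misconfiguration resolved in comments 1 and 2. With UseDNS off, sshd has only the client address to compare against from= patterns, so host-name patterns never match. The function names, the address heuristic and the sample data are assumptions constructed for illustration.

```python
import re

# First whitespace-delimited field of an authorized_keys line, honouring quotes.
_OPTIONS_FIELD = re.compile(r'^((?:[^\s"]|"(?:\\.|[^"\\])*")+)')
_FROM_OPTION = re.compile(r'(?:^|,)from="([^"]*)"', re.IGNORECASE)

def usedns_enabled(sshd_t_output):
    """Read the effective UseDNS value from `sshd -T` output (default: no)."""
    for line in sshd_t_output.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0].lower() == "usedns":
            return fields[1].lower() == "yes"
    return False

def is_address_pattern(pattern):
    """Heuristic: True for IP, CIDR or address-wildcard patterns, else host name."""
    p = pattern.lstrip("!")
    return ":" in p or all(c in "0123456789.*?/" for c in p)

def hostname_patterns_ignored(authorized_keys_text, usedns):
    """Return (line number, pattern) for from= host names sshd cannot match."""
    if usedns:
        return []
    findings = []
    for lineno, line in enumerate(authorized_keys_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        field = _OPTIONS_FIELD.match(line)
        option = _FROM_OPTION.search(field.group(1)) if field else None
        if option is None:
            continue
        # Negated host names are reported too: without DNS they never deny.
        for pattern in option.group(1).split(","):
            if pattern and not is_address_pattern(pattern):
                findings.append((lineno, pattern))
    return findings

# Constructed sample input (placeholder keys, documentation address ranges).
SAMPLE_SSHD_T = "port 22\nusedns no\n"
SAMPLE_KEYS = '''\
# constructed authorized_keys
from="client.example.org" ssh-ed25519 AAAAC3placeholder user@client
from="2001:db8::/32,192.0.2.*" ssh-ed25519 AAAAC3placeholder user@net
no-pty,from="!*.lab.example.org,198.51.100.7" ssh-ed25519 AAAAC3placeholder ci
ssh-ed25519 AAAAC3placeholder nooptions
'''

if __name__ == "__main__":
    print(hostname_patterns_ignored(SAMPLE_KEYS, usedns_enabled(SAMPLE_SSHD_T)))
```
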