On 19/02/16 01:43, Michael Gebhard wrote:
> Hello, I have a server whose public key associated with its domain name and IPv4 address is in my known_hosts, I also have set the StrictHostKeyChecking option.
>
> When trying to connect via IPv6 ssh prints: RSA host key for IP address [...] not in list of known hosts. and asks for my private key passphrase.
>
> When trying to connect via IPv6 with the IPv6 address associated with the server's public key in my known_hosts, ssh asks for my passphrase and connects normally.
>
> When trying to connect via IPv6 with the public key removed from my known_hosts ssh refuses to connect.
>
> The message "RSA host key for IP..." implies that the public key is missing yet ssh neither prompts the fingerprint (without StrictHostKeyChecking) nor refuses to connect (with StrictHostKeyChecking) nor does it mention that the key is there just not associated with the shown IP address.

You are trying to connect by name, right? Then this is the normal behavior, and the same it does with IPv4. You want to connect to server (e.g. mindrot.org), the public key presented by the host matches the one it has stored for mindrot.org. Thus, it is the right server, even if the IP wasn't seen before. OTOH if the public key was in the file but associated to a different hostname, it would be incorrect to proceed, and you will find that in such a case openssh will complain and prompt with the fingerprint / refuse to connect.
Regards
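The lookup discussed in this thread, as an added example that is not part of the original messages and is not OpenSSH's code: a simplified model that checks a presented key against known_hosts once by name and once by IP address. It assumes port 22 and exact host matches (no wildcard patterns); the host names, addresses and key blobs are constructed placeholders.

```python
import base64, hashlib, hmac

def hash_host(host, salt):
    """HashKnownHosts field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def field_matches(field, host):
    """Exact match of host against one host field, plain or hashed."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(hash_host(host, salt), field)
    return host in field.split(",")

def lookup(known_hosts, host, keytype, blob):
    """'ok': host listed with this key; 'changed': listed with another key
    of the same type; 'new': not listed for that key type."""
    status = "new"
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0][0] in "#@":
            continue  # blanks, comments, @cert-authority/@revoked markers
        if parts[1] == keytype and field_matches(parts[0], host):
            if parts[2] == blob:
                return "ok"
            status = "changed"
    return status

def check(known_hosts, name, ip, keytype, blob):
    """Classify a connect-by-name attempt: (verdict, name status, IP status)."""
    n, i = (lookup(known_hosts, h, keytype, blob) for h in (name, ip))
    if "changed" in (n, i):
        verdict = "mismatch"
    elif n == "new":
        verdict = "unknown host"       # refused under strict checking
    elif i == "new":
        verdict = "ok, IP not listed"  # the case in the thread
    else:
        verdict = "ok"
    return verdict, n, i

# Constructed sample; key blobs are placeholders, not real keys.
KEY_A, KEY_B = "AAAAconstructedKeyA", "AAAAconstructedKeyB"
SAMPLE = "\n".join([
    "server.example,192.0.2.10 ssh-rsa " + KEY_A,
    hash_host("2001:db8::20", b"constructed-salt") + " ssh-rsa " + KEY_B,
    "other.example ssh-rsa " + KEY_B,
])

print(check(SAMPLE, "server.example", "2001:db8::10", "ssh-rsa", KEY_A))
```

On a real file, `ssh-keygen -F <host>` performs the per-host search, including hashed entries.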