Re: host key for IPv6 not in known_hosts message

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 19/02/16 01:43, Michael Gebhard wrote:
Hello,

I have a server whose public key associated with it's domain name and IPv4 address
is in my known_hosts, I also have set the StrictHostKeyChecking option.

When trying to connect via IPv6 ssh prints:
RSA host key for IP address [...] not in list of known hosts.
and asks for my private key passphrase.

When trying to connect via IPv6 with the IPv6 address associated with
the servers public key in my known_hosts,
ssh asks for my passphrase and connects normally.

When trying to connect via IPv6 with the public key removed from my known_hosts
ssh refuses to connect.

The message "RSA host key for IP..." implies that the public key is missing
yet ssh neither prompts the fingerprint (without StrictHostKeyChecking)
nor refuses to connect (with StrictHostKeyChecking)
nor does it mention that the key is there just not associated with the
shown IP address.

You are trying to connect by name, right? Then this is the normal behavior, and the same it does with IPv4. You want to connect to server (eg. mindrot.org), the public key presented by the host matches the one it has stored for mindrot.org. Thus, it is the right server, even if the IP wasn't seen before. OTOH if the public key was in the file but associated to a different hostname, it would be incorrect to prceed, and you will find that in such case openssh will complain and prompt with the fingerprint / refuse to connect.

Regards

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux