Date: Wed, 11 Feb 2015 22:14:00 -0500
From: Eric van Gyzen <eric@vangyzen.net>
To: stable@freebsd.org
Subject: Re: ssh known_hosts in 10.1
Message-ID: <54DC1A78.9010500@vangyzen.net>
In-Reply-To: <54DBD1C2.4000108@vangyzen.net>
References: <54DBD1C2.4000108@vangyzen.net>

On 2/11/15 5:03 PM, Eric van Gyzen wrote:
> -stable:
>
> I just updated my workstation from 10.0 to 10.1. Now, ssh is prompting
> me to accept host keys that I accepted long ago. ssh is looking for the
> host key in known_hosts using the name given on the command line; it
> previously used the FQDN. ssh-keygen -F confirms that known_hosts has
> the same key for the FQDN.
>
> If I recall correctly, using the FQDN in known_hosts was a FreeBSD
> customization. Did this get dropped during the OpenSSH update?

As it turns out, OpenSSH 6.5 or 6.6 added a hostname canonicalization
feature that--as I understand--should make FreeBSD's customization
obsolete. Based on the description in ssh_config, the following should
behave as ssh did in 10.0:

    ssh -o 'CanonicalizeHostname yes' -o 'CanonicalizeFallbackLocal yes' short-name

However, it doesn't find the host key, because it's looking for the
short-name, not the FQDN:

    The authenticity of host 'short-name (192.0.2.42)' can't be established.

Can anyone else confirm this behavior?

Eric
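
The by-name known_hosts lookup discussed in this message, as an added example (not part of the original e-mail and not OpenSSH code): a Python version of the name match that `ssh-keygen -F` performs, used to tell whether the key offered for a short name is the one already stored under the FQDN before anyone answers the prompt. It assumes exact plain names and hashed `|1|` entries only (no wildcard patterns or `[host]:port` forms); the FQDN `short-name.example.org`, the key blobs and all function names are constructed for illustration.

```python
import base64, hashlib, hmac

def host_matches(field, host):
    """True if a known_hosts host field (plain list or |1|salt|mac) names host."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")

def lookup(text, host):
    """Return the set of (keytype, key_b64) stored for host."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        # Skip blank lines, comments and @cert-authority/@revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if host_matches(fields[0], host):
            found.add((fields[1], fields[2]))
    return found

def classify(text, typed_name, fqdn, offered):
    """Compare the offered (keytype, key_b64) with entries for both names."""
    for label, name in (("known", typed_name), ("same-key-under-fqdn", fqdn)):
        stored = lookup(text, name)
        if offered in stored:
            return label
        # A different key of the same type under either name is a mismatch.
        if any(ktype == offered[0] for ktype, _ in stored):
            return "key-mismatch"
    return "unknown"

# Constructed sample data: placeholder key blobs, not real host keys.
KEY_A = base64.b64encode(b"constructed-key-A").decode()
KEY_B = base64.b64encode(b"constructed-key-B").decode()

def hashed_field(host, salt=b"constructed-salt-20b"):
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

SAMPLE = "\n".join([
    "# constructed sample known_hosts",
    "short-name.example.org,192.0.2.42 ssh-rsa " + KEY_A,
    hashed_field("other.example.org") + " ssh-ed25519 " + KEY_B,
])

if __name__ == "__main__":
    print(classify(SAMPLE, "short-name", "short-name.example.org", ("ssh-rsa", KEY_A)))
```

A result of `same-key-under-fqdn` means the prompt is a naming difference only; `key-mismatch` means the offered key differs from the stored one and should be verified out of band rather than accepted.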