List: openssh-bugs
Subject: [Bug 2359] New: [PATCH] Allow HostKeyAlias to be used in hostname check against certificate principa
From: bugzilla-daemon () mindrot ! org
Date: 2015-02-23 17:59:00
Message-ID: bug-2359-705 () https ! bugzilla ! mindrot ! org/
https://bugzilla.mindrot.org/show_bug.cgi?id=2359
Bug ID: 2359
Summary: [PATCH] Allow HostKeyAlias to be used in hostname
check against certificate principal
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs@mindrot.org
Reporter: charles@dyfis.net

Created attachment 2555
--> https://bugzilla.mindrot.org/attachment.cgi?id=2555&action=edit
First-draft proposed patch

At present, an SSH certificate signed with the name of a round-robin
pool can't be used to authenticate a single, specific host within that
pool, if logging into it directly. Likewise, if DNS is temporarily
unavailable, one cannot log into a system secured by a host certificate
by IP unless its IP address is listed as a principal.

I propose to address this by allowing a name passed in the
HostKeyAlias option to match a system's principal name in the same
manner, and using the same logic, as presently used for the name used
for the actual lookup and connection.

Proposed on mailing list at
http://lists.mindrot.org/pipermail/openssh-unix-dev/2015-February/033443.html.