Verify DNS fingerprints not working
Bug #1898590 reported by Andreas Tauscher
This bug report is a duplicate of:
Bug #1897744: VerifyHostKeyDNS not working due to missing trust-ad flag.
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
systemd | Unknown | Unknown | |
glibc (Ubuntu) | Invalid | Undecided | Unassigned |
openssh (Debian) | Unknown | Unknown | |
openssh (Ubuntu) | Invalid | Undecided | Unassigned |
systemd (Ubuntu) | Fix Released | Undecided | Unassigned |
Focal | New | Undecided | Unassigned |
Bug Description
When setting in /etc/ssh/ssh_config VerifyHostKeyDNS to yes the fingerprints are fetched, but the result is always:
debug1: found n insecure fingerprints in DNS
With dig +dnssec -tsshfp hostname the result is ok: ad flag is set.
tags added: server-next
ssh version is OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f 31 Mar 2020
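
The duplicate bug's title points at a missing trust-ad flag. As an added diagnostic (not part of the bug report or of any of the affected projects), the function below classifies a resolv.conf file, assuming the behaviour documented in resolv.conf(5) for glibc 2.31 and later: without `options trust-ad` the stub resolver clears the AD bit before applications such as ssh see it, and the option is only meant for name servers reached over a trusted path. The function name and the three status words are made up for this example.

```shell
#!/bin/sh
# Added example; function name and status words are illustrative.
#
# resolv_ad_status FILE
# Prints one word describing how glibc (2.31+) treats the AD bit for FILE:
#   no-trust-ad      no "options trust-ad": AD is cleared, so ssh reports
#                    SSHFP records as insecure even if dig shows "ad"
#   trust-ad-local   trust-ad set and every nameserver is a loopback address
#   trust-ad-remote  trust-ad set but a nameserver is off-host, so the AD bit
#                    is trusted across the network path to that server
resolv_ad_status() {
    awk '
        /^[#;]/ { next }                    # comment lines per resolv.conf(5)
        $1 == "options" {
            # option lines accumulate; look for trust-ad on any of them
            for (i = 2; i <= NF; i++)
                if ($i == "trust-ad") trust = 1
        }
        $1 == "nameserver" {
            if ($2 !~ /^127\./ && $2 != "::1") remote = 1
        }
        END {
            if (!trust)      print "no-trust-ad"
            else if (remote) print "trust-ad-remote"
            else             print "trust-ad-local"
        }
    ' "$1"
}

# Report on the live file if present (/etc/resolv.conf is the glibc default).
if [ -r /etc/resolv.conf ]; then
    resolv_ad_status /etc/resolv.conf
fi
```

A result of `no-trust-ad` on a host whose `dig +dnssec` output shows the ad flag matches the symptom reported above: dig parses the answer itself, while ssh goes through the glibc resolver.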