-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ipv6: missing port in address #1
Comments
Thank you for the issue report! After looking into this a bit, I suspect the root cause is actually golang/go#53463: in golang.org/x/crypto/ssh/knownhosts, the Normalize function doesn't correctly handle ipv6 addresses that use the standard port 22. The WriteKnownHost function here in https://github.com/skeema/knownhosts currently relies on the value returned by that golang.org/x/crypto/ssh/knownhosts Normalize function as-is, but we could adjust this to work around golang/go#53463. I think it would just require a few lines of code to check for leading + trailing brackets, and stripping them if both are found, meaning it's an ipv6 address without a port specified. I can try that on my end in a few days, or happy to accept a PR as long as it includes test coverage for that situation. Either way is fine. Thanks again for spotting this and reporting it! |
@evanelias Thanks for providing the detailed information. I will try to submit a PR tomorrow. |
Thanks, sounds great! I just realized that WriteKnownHost doesn't have its own unit test yet, so that might make test coverage for the change tricky. For now, one possible path could be to just create a new exported Normalize function, which wraps golang.org/x/crypto/ssh/knownhosts's Normalize but fixes its handling of ipv6. Then you could just add a unit test which covers Normalize, rather than having to write a unit test for all of WriteKnownHost. Separate from the write path, there's also the question of how to handle existing ~/.ssh/known_hosts files which already have ipv6 entries with brackets but no port. We probably just need to require users to edit them by hand :( In theory we could do something in New to handle this "missing port in address" error automatically (rewrite the file to a temp location with the problem fixed, and re-parse?) but that feels messy... |
If there is an invalid entry in the known hosts, everyone removes them on error. It is probably not a good idea to modify the known hosts automatically without explicit authorization from the user. I think adding a |
Implement workaround in WriteKnownHost for IPv6 addresses. Closes #1
Yeah definitely agree that This feels messy though, and also means any KeyError.Want.Filename values will be wrong (referring to the temp file instead of the real file). So I agree your suggestion of a separate |
…ortCertAuthorities into main Reviewed-on: https://gitea.daedalean.ai/daedalean-github/knownhosts/pulls/1
Using
WriteKnownHost
will get an entry with ipv6:The next login fails:
The text was updated successfully, but these errors were encountered: