
Knownhost notation with port wildcard ( [hostname]:* ) doesn't accept port 22
Open, High, Public

Description

Port 22 isn't caught by [hostname]:*. Reproducer added.

Event Timeline

asn assigned this task to Jakuje. Feb 7 2019, 3:16 PM
asn triaged this task as High priority.
Jakuje added a comment. Feb 7 2019, 6:03 PM

Actually, the man page for sshd from OpenSSH says the following:

A hostname or address may optionally be enclosed within ‘[’ and ‘]’ brackets then followed by ‘:’ and a non-standard port number.

And the implementation in libssh is written according to this. Note that port 22 is the standard port and therefore libssh does not attempt to match against the "expanded" version of the [host]:port syntax. Technically, this is a problem of your provided configuration and OpenSSH accepting this pattern, but since OpenSSH is the base that we are trying to be compatible with, we should probably fix this to be compatible.

Internally, a generic pattern match is used, which does not know anything about the square braces.

Whatever I tried so far did not end with nice generic code, but with awkward handling of this single corner case, mostly because ssh_known_hosts_parse_line() is in the public API, which already expects the input in this way, but handling this case inside this function results in.

Here is my WIP branch with reproducers and a fix that works, but that I am not happy with:
https://gitlab.com/jjelen/libssh-mirror/commits/knownhosts-wildcard

Any comments, suggestions or proposals on how this would be best handled are welcome.
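
The mismatch described in the comment above, as an added example that is not libssh code and not the fix from the WIP branch: a generic glob matcher that treats brackets as ordinary characters, with port 22 looked up either as the bare host name only or additionally as "[host]:22". The names glob_match, entry_matches and try_bracketed_22 and the host example.com are hypothetical, and the second lookup mode is only one assumed way to accept such entries.

```c
#include <stdio.h>
#include <string.h>

/* Minimal glob matcher: '*' matches any run of characters, '?' exactly one.
 * '[', ']' and ':' are ordinary characters here, as in a generic matcher
 * that knows nothing about the [host]:port notation. */
static int glob_match(const char *s, const char *p)
{
    if (*p == '\0') return *s == '\0';
    if (*p == '*') {
        /* Try every possible length for the run consumed by '*'. */
        for (;; s++) {
            if (glob_match(s, p + 1)) return 1;
            if (*s == '\0') return 0;
        }
    }
    if (*s != '\0' && (*p == '?' || *p == *s)) return glob_match(s + 1, p + 1);
    return 0;
}

/* Hypothetical helper (not a libssh function). Returns 1 if a known_hosts
 * host pattern matches host:port, 0 otherwise.
 * try_bracketed_22 == 0: port 22 is looked up only as the bare host name.
 * try_bracketed_22 == 1: port 22 is additionally looked up as "[host]:22". */
int entry_matches(const char *pattern, const char *host, int port,
                  int try_bracketed_22)
{
    char bracketed[300];
    int n = snprintf(bracketed, sizeof(bracketed), "[%s]:%d", host, port);

    if (n < 0 || n >= (int)sizeof(bracketed)) {
        return 0; /* name too long for this demo buffer: treat as no match */
    }
    if (port != 22) return glob_match(bracketed, pattern);
    if (glob_match(host, pattern)) return 1;
    return try_bracketed_22 && glob_match(bracketed, pattern);
}

int main(void)
{
    const char *pat = "[example.com]:*"; /* constructed sample entry */
    printf("port 2222:           %d\n", entry_matches(pat, "example.com", 2222, 0));
    printf("port 22, bare only:  %d\n", entry_matches(pat, "example.com", 22, 0));
    printf("port 22, both forms: %d\n", entry_matches(pat, "example.com", 22, 1));
    return 0;
}
```

With the bare-name-only lookup the host on port 22 is reported as unknown even though the entry's wildcard was meant to cover every port, which is the behaviour this task reports.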