-
Notifications
You must be signed in to change notification settings - Fork 17.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/crypto/ssh/knownhosts: cannot have multiple keys for same host #36126
Comments
Off topic, but I assume that's just pseudo code, as
Thanks for that info. I didn't know such a thing was supported. /cc @hanwen |
@bradfitz Yup, just to give you an idea of what I'm doing. I actually do have a fix, but I was unsure what should be in |
Sorry, I don't know much about this package. I'll let @hanwen handle this. |
I believe I ran into this problem. I had the following format in my known_hosts file.
|
closes golang/go#36126 Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
I'm trying to open an ssh connection to
my-site.com:22
usingssh.Dial
where the config uses the callback provided byknownhosts.New("~/.ssh/known_hosts")
. I have aknown_hosts
file that looks like this:What did you expect to see?
Connection succeeds when either public key is provided.
What did you see instead?
Connection only succeeds when I happen to connect to
host1.my-site.com
. If it tries to connect tohost2.my-site.com
I get aKeyError
. I can connect to either host using thessh
program.Why did this happen?
Using
knownhosts.New
to build a host key callback rejects some hosts from the known_hosts file when there are multiple Public Keys of the same type. There is the assertion in theknownhosts
code which says "For each key algorithm, there can be one hostkey", which I don't believe is correct. I think we need to check keys from any line that matches the current host, rather than only ones that have key types we haven't seen yet.The text was updated successfully, but these errors were encountered: