Debian Bug report logs - #500568
improper IPv6 address matching for known_hosts

version graph

Package: openssh-client; Maintainer for openssh-client is Debian OpenSSH Maintainers <>; Source for openssh-client is src:openssh.

Reported by: martin f krafft <>

Date: Mon, 29 Sep 2008 12:57:01 UTC

Severity: normal

Tags: ipv6, jessie, sid, squeeze, wheezy

Found in version openssh/1:5.1p1-2

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to, Debian OpenSSH Maintainers <>:
Bug#500568; Package openssh-client. (Mon, 29 Sep 2008 12:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to martin f krafft <>:
New Bug report received and forwarded. Copy sent to Debian OpenSSH Maintainers <>. (Mon, 29 Sep 2008 12:57:04 GMT) Full text and rfc822 format available.

Message #5 received at (full text, mbox):

From: martin f krafft <>
To: Debian Bug Tracking System <>
Subject: improper IPv6 address matching for known_hosts
Date: Mon, 29 Sep 2008 14:54:02 +0200
[Message part 1 (text/plain, inline)]
Package: openssh-client
Version: 1:5.1p1-2
Severity: normal
Tags: ipv6

piper:~|master|% ssh mother uname -a
Warning: Permanently added the RSA host key for IP address '2001:a60:f069:0:204:4bff:fe80:8003' to the list of known hosts.
Linux mother 2.6.18-6-k7 #1 SMP Fri Jun 6 22:56:53 UTC 2008 i686 GNU/Linux

This is weird, since I meticulously added the IPv6s of all my hosts
to the known hosts file:

piper:~|master|% grep 204:4bff:fe80:8003 .ssh/known_hosts,mother,,2001:a60:f069::204:4bff:fe80:8003 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxWtcjXSC04NpOsks/+PAoWz+1Qw75gLZydT7MuJCjjPR9BpXNOpG9CsCCQuoUKKdH6QUMLp6vnMEf6xAMgd2TapyZYORxI+Fll2av4Fo0y1ExpaCNKAVt9tJwxtcOZ+ReFLx9jPQzB4POqebbDpGnw0jxOX/wTEzNBGhmmvgo82YbSJeuJlxU6kGm6+914rK0MsPw3k04py4JD1JEBZG+8Qi632/EkJWMfO8SiR5LDVibpg9hyZiA/gigNzIw07xkevgMWiIzOL4fGdFCRDIH5DsKfRS/SBEgUIfZTxCLF3J1zOEW1l8KUGHa0Lp3DVKIJN+/p5dXlfhm3xVyTeYaQ==
2001:a60:f069:0:204:4bff:fe80:8003 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxWtcjXSC04NpOsks/+PAoWz+1Qw75gLZydT7MuJCjjPR9BpXNOpG9CsCCQuoUKKdH6QUMLp6vnMEf6xAMgd2TapyZYORxI+Fll2av4Fo0y1ExpaCNKAVt9tJwxtcOZ+ReFLx9jPQzB4POqebbDpGnw0jxOX/wTEzNBGhmmvgo82YbSJeuJlxU6kGm6+914rK0MsPw3k04py4JD1JEBZG+8Qi632/EkJWMfO8SiR5LDVibpg9hyZiA/gigNzIw07xkevgMWiIzOL4fGdFCRDIH5DsKfRS/SBEgUIfZTxCLF3J1zOEW1l8KUGHa0Lp3DVKIJN+/p5dXlfhm3xVyTeYaQ==

The problem is simply that I entered the shortened, RFC-compliant
version, which simply leaves out complete octet pairs of zeroes:

vs.      2001:a60:f069:0:204:4bff:fe80:8003

OpenSSH's client seems to be unable to deal with this, which is
a bug, since the shortened version is defined in the standard.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-client depends on:
ii  adduser               3.110              add and remove users and groups
ii  debconf [debconf-2.0] 1.5.23             Debian configuration management sy
ii  dpkg                  1.14.22            Debian package management system
ii  libc6                 2.7-13             GNU C Library: Shared libraries
ii  libcomerr2            1.41.1-3           common error description library
ii  libedit2              2.11~20080614-1    BSD editline and history libraries
ii  libkrb53              1.6.dfsg.4~beta1-4 MIT Kerberos runtime libraries
ii  libncurses5           5.6+20080920-1     shared libraries for terminal hand
ii  libssl0.9.8           0.9.8g-13          SSL shared libraries
ii  passwd                1:4.1.1-5          change and administer password and
ii  zlib1g                1:  compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist             0.4.1      list of default blacklisted OpenSS
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.3-2  X authentication utility

Versions of packages openssh-client suggests:
ii  gtk-led-askpass [ssh-askpass] 0.10-2     GTK+ password dialog suitable for 
pn  keychain                      <none>     (no description available)
pn  libpam-ssh                    <none>     (no description available)

-- no debconf information

 .''`.   martin f. krafft <>
: :'  :  proud Debian developer, author, administrator, and user
`. `'` -
  `-  Debian - when you have better things to do than fixing systems
[digital_signature_gpg.asc (application/pgp-signature, inline)]

Severity set to 'serious' from 'normal' Request was from Clint Adams <> to (Tue, 23 Mar 2010 01:03:18 GMT) Full text and rfc822 format available.

Added tag(s) sid and squeeze. Request was from Gerfried Fuchs <> to (Tue, 23 Mar 2010 07:51:50 GMT) Full text and rfc822 format available.

Severity set to 'normal' from 'serious' Request was from Gerfried Fuchs <> to (Tue, 23 Mar 2010 08:30:21 GMT) Full text and rfc822 format available.

Added tag(s) wheezy. Request was from Kurt Roeckx <> to (Wed, 16 Feb 2011 19:03:18 GMT) Full text and rfc822 format available.

Added tag(s) jessie. Request was from Julien Cristau <> to (Thu, 18 Apr 2013 17:44:08 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.

Debian bug tracking system administrator <>. Last modified: Wed Apr 16 08:23:52 2014; Machine Name:

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.