Description
Hello everyone,
Assuming I have the following known_hosts file containing twice the public key of the same host but with different algorithms.:
lserver1 ssh-dss XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX # lserver1 ecdsa-sha2-nistp256 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
During the connection when I use DefaultKnownHostsServerKeyVerifier to verify the keys, if the target host presents a ecdsa-sha2-nistp256 key, the verification will fail because DefaultKnownHostsServerKeyVerifier seems to match to the first occurence of the hostname in the know_host file. Therefore It will match the key lserver1 ssh-dss XXXXXXXXXXXX... and the comparison to the same key but with ecdsa-sha2-nistp256 algorithm presented by the target host will fail. Shouldn't it iterate through the file until the right combination (hostname, algorithm) is found? This way it could check with lserver1 ecdsa-sha2-nistp256 XXXX..... instead of lserver1 ssh-dss XXXXX......
This works fine with openssh.
Thanks
Attachments
Issue Links
- links to