Rebuild of openssh in unstable for DNSSEC functionality

To: debian-ssh@lists.debian.org
Subject: Rebuild of openssh in unstable for DNSSEC functionality
From: Bernhard Schmidt <berni@birkenwald.de>
Date: Sun, 20 Jun 2010 15:26:34 +0200
Message-id: <[🔎] 4C1E170A.6030000@birkenwald.de>

Hi,

using a DNSSEC authenticated SSHFP fingerprint to authenticate theremote host (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049)does not work even in unstable at the moment, because eglibc 2.11entered unstable only after the latest build of openssh andRES_USE_DNSSEC was not defined in 2.10.


debug1: found 1 insecure fingerprints in DNS
debug1: matching host key fingerprint found in DNS

The authenticity of host 'proplay.mucip.net (2001:1608:12::297)' can'tbe established.

RSA key fingerprint is 37:34:90:ce:38:1b:71:25:c9:0a:5a:f8:73:de:23:9d.
Matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)? ^C

Just rebuilding your 5.5p4 with a current squeeze fixes this

debug1: found 1 secure fingerprints in DNS
debug1: matching host key fingerprint found in DNS
debug1: ssh_rsa_verify: signature correct

Please consider rebuilding the package (by uploading a new version) ifyou are not planning to do that in the near future anyway.


Thanks,
Bernhard

Reply to:

Prev by Date: Bug#586480: openssh-server: chroot directive is not working when using FISH (File transfer of shell with midnight commander)
Next by Date: Bug#212518: may upstream can take a look at Debian bugs like this
Previous by thread: Bug#586480: openssh-server: chroot directive is not working when using FISH (File transfer of shell with midnight commander)
Next by thread: Bug#212518: may upstream can take a look at Debian bugs like this
Index(es):
- Date
- Thread