OpenSSH VerifyHostKeyDNS broken in 10.7.x and later
| Originator: | jeff | | |
| Number: | rdar://11875865 | Date Originated: | 07/14/2012 |
| Status: | Open | Resolved: | |
| Product: | OSX | Product Version: | 10.7+ |
| Classification: | Security | Reproducible: | Yes |
Summary:
When using the OpenSSH client with the VerifyHostKeyDNS option, you get a "general error" DNS response when the DNS record is valid.

Steps to Reproduce:
ssh -o "VerifyHostKeyDNS yes" -v foo@git.fedorahosted.org

Expected Results:
debug1: found 2 insecure fingerprints in DNS
debug1: matching host key fingerprint found in DNS

Actual Results:
DNS lookup error: general failure

Regression:

Notes:
This appears to work correctly in 10.6.8, but I've tried 10.7.0, 10.7.4, 10.8, 10.9, and 10.10, and all return a general error on the DNS lookup.