Bug #5836: sshd VerifyReverseMapping fails for IPv4 connections to machines with IPv6 addresses. - illumos gate - illumos

Actions

Copy link

Bug #5836

closed

sshd VerifyReverseMapping fails for IPv4 connections to machines with IPv6 addresses.

Added by Andy Fiddaman over 7 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Andy Fiddaman

Category:

cmd - userland programs

Start date:

2015-04-14

Due date:

% Done:

80%

Estimated time:

Difficulty:

Medium

Tags:

Gerrit CR:

Description

The code in sshd which verifies the reverse mapping for a client IP address (VerifyReverseMapping yes in sshd_config) fails if the system has an IPv6 address. The client IP address is returned as an IPv4 mapped address which is subsequently converted to a plain IPv4 address. When the forward mapping is performed to check the IP address, the plain IPv4 address is passed along with what is now the wrong address family.

Dtrace shows:

Entering get_remote_hostname()

getpeername ss_family=26

getnameinfo(flags=2)
        returning 0 (::ffff:192.168.1.1)

getnameinfo(flags=4)
        returning 0 (test.citrus-it.net)

getaddrinfo(test.citrus-it.net, family=26)
        returning 7 (EAI_NODATA)

get_remote_hostname() returning "192.168.1.1"

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

illumos gate

Custom queries

Bug #5836

sshd VerifyReverseMapping fails for IPv4 connections to machines with IPv6 addresses.

Updated by Richard PALO almost 7 years ago

Updated by Yuri Pankov over 5 years ago

Updated by Yuri Pankov over 5 years ago