Re: ssh warning: the ED25519 host key for '' differs from the key for the IP address ''

[Jeremie Courreges-Anglas]

On Wed, Oct 28 2020, Damien Miller <d...@mindrot.org> wrote:
> On Mon, 26 Oct 2020, Jeremie Courreges-Anglas wrote:
>
>> On Fri, Oct 23 2020, Damien Miller <d...@mindrot.org> wrote:
>> > On Fri, 23 Oct 2020, Jeremie Courreges-Anglas wrote:
>> >
>> >> 
>> >> I upgraded my ports builder from snaps yesterday and I hit this when
>> >> running cvs up:
>
> [big snip]
>
> I think I have replicated your problem. Can you roll your known_hosts
> back to just the ecdsa-sha2-nistp256 keys, apply this patch and attempt
> a few connections? You should see no more conflicts between IPv4/IPv6
> addresses.

Here's a v6->v4 case which didn't improve.  I believe that the data
provided below should help you reproduce the issue, if not there's
something weird going on.  Feel free to send more patches my way.


--8<--
russell ~$ cp /home/jca/.ssh/known_hosts-ecdsa /home/jca/.ssh/known_hosts
russell ~$ cat /home/jca/.ssh/known_hosts-ecdsa
ftp.hostserver.de,217.31.80.35 ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF7jym1iJpFZfWWS+TTCGQv/CcVoFR4MVCR45YB6mmTL3V5bWwIQ8ggYGgbLcRV+M9VQL2zm0Nykw5HXbFXQ9D8=
2a00:15a8:0:100:d91f:5023:0:1 ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF7jym1iJpFZfWWS+TTCGQv/CcVoFR4MVCR45YB6mmTL3V5bWwIQ8ggYGgbLcRV+M9VQL2zm0Nykw5HXbFXQ9D8=
russell ~$ ssh -4 anon...@ftp.hostserver.de
PTY allocation request failed on channel 0

To use anonymous CVS install the latest version of CVS on your local machine.
Then set your CVSROOT environment variable to the following value:
        anon...@ftp.hostserver.de:/cvs

^Crussell ~$ cat /home/jca/.ssh/known_hosts
ftp.hostserver.de,217.31.80.35 ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF7jym1iJpFZfWWS+TTCGQv/CcVoFR4MVCR45YB6mmTL3V5bWwIQ8ggYGgbLcRV+M9VQL2zm0Nykw5HXbFXQ9D8=
2a00:15a8:0:100:d91f:5023:0:1 ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF7jym1iJpFZfWWS+TTCGQv/CcVoFR4MVCR45YB6mmTL3V5bWwIQ8ggYGgbLcRV+M9VQL2zm0Nykw5HXbFXQ9D8=
russell ~$ ssh -6 anon...@ftp.hostserver.de
PTY allocation request failed on channel 0

To use anonymous CVS install the latest version of CVS on your local machine.
Then set your CVSROOT environment variable to the following value:
        anon...@ftp.hostserver.de:/cvs

russell ~$ cat /home/jca/.ssh/known_hosts
ftp.hostserver.de,217.31.80.35 ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF7jym1iJpFZfWWS+TTCGQv/CcVoFR4MVCR45YB6mmTL3V5bWwIQ8ggYGgbLcRV+M9VQL2zm0Nykw5HXbFXQ9D8=
2a00:15a8:0:100:d91f:5023:0:1 ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF7jym1iJpFZfWWS+TTCGQv/CcVoFR4MVCR45YB6mmTL3V5bWwIQ8ggYGgbLcRV+M9VQL2zm0Nykw5HXbFXQ9D8=
ftp.hostserver.de,2a00:15a8:0:100:d91f:5023:0:1 ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDlCI96jPiGKnN07xj5ZhVPvo0gMo3TZOMtuf02afv9xm6+2vQlVqJThnavg3W0u6gaHV45MtldA/P4DaQbG50DPof9mJ3y1U2hbl+kU8tTfpVMC0WdXHbTpSmdkp5KVirFwZcubd2UFn8dXNtosULMahghvI2WzynLiO/hILzMrKE3J9LMG9mH2cbB3dAZ2KsHklQnrPb8xWhvaskcs3z94LgNyZbxF3uhOZBz019m5ba/DMjyoTLoNNNSRZ/Ur8JQIRSVzQPUwJ+AXCiZ8OoPF6RNmU9WjTFPt5K7dr4kOyZpDTBu103b2TUaJfiB/Gz2BNqyK11tLjLfXQO6Wez5
ftp.hostserver.de,2a00:15a8:0:100:d91f:5023:0:1 ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIGtEuMXXJNl4whGkEOPWiq/XHgfzejdJvOKFL8S3kZDL
russell ~$ ssh -6 anon...@ftp.hostserver.de
PTY allocation request failed on channel 0

To use anonymous CVS install the latest version of CVS on your local machine.
Then set your CVSROOT environment variable to the following value:
        anon...@ftp.hostserver.de:/cvs

russell ~$ ssh -4 anon...@ftp.hostserver.de
Warning: the ED25519 host key for 'ftp.hostserver.de' differs from the key for 
the IP address '217.31.80.35'
Offending key for IP in /home/jca/.ssh/known_hosts:1
Matching host key in /home/jca/.ssh/known_hosts:4
Are you sure you want to continue connecting (yes/no)? ^C
-->8--



-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE