https://bugzilla.mindrot.org/show_bug.cgi?id=3781
--- Comment #6 from Damien Miller <d...@mindrot.org> --- xxxx:yyyy:zzzz::f3 (In reply to sshbugs.to.davies from comment #5) > > Is the debug trace an example of this? > Yes. > > > What was in known_hosts when you generated the trace? > As stated in my original report, but repeated for convenience with > anonymisation retained: > C:\Users\Administrator>cat \cwrsync_6.3.0_x64_free\known_hosts > @cert-authority > *.lan.xxxxxxxxxxxxxx,192.168.51.*,192.168.1.*,192.168.13.*,xxxx:yyyy: > zzzz:0:* ssh-ed25519 > asdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdf > host_ca.pub That pattern is guaranteed not to work because the address wildcard xxxx:yyyy:zzzz:0:* won't match the normalised address xxxx:yyyy:zzzz::f3 > > What sort of addresses does this fail for? > IPv6 addresses of the form xxxx:yyyy:zzzz::anything. > > > Also, what do you mean by "addresses that are generated dynamically" ? > Addresses generated by DHCP6, as ULAs or by similar processes; > addresses that are not static and therefore may contain any unique > value in the last 64 bits. Do you mean the last 64 bits or the last 48? If you have a /64, why are you allocating dynamic addresses with non-zero bytes 7-8? Basically I'm not understanding how/why xxxx:yyyy:zzzz::* is failing for you, as that is the form that you should be using. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
