** Description changed:
+ [impact]
+
+ without trust-ad resolv.conf option, glibc will strip AD from systemd-
+ resolved responses. one thing this will prevent working is ssh/sftp
+ VerifyHostKeyDNS
+
+ [test case]
+
+ TBD
+
+ [regression potential]
+
+ TBD
+
+ [scope]
+
+ this is needed only in focal.
+
+ glibc first stripped the AD in version 2.31, so this is not needed in
+ bionic or earlier.
+
+ this was added upstream in commit a742f9828ea which was included in
+ v246, so this is fixed already in groovy.
+
+ [original description]
+
Hi,
1)
Description: Ubuntu 20.04.1 LTS
Release: 20.04
2)
systemd: 245.4-4ubuntu3.2
3)
I set VerifyHostKeyDNS to YES and hosts are automatically verified via sshfp.
4)
I still get the security question
Matching host key fingerprint found in DNS.
- Are you sure you want to continue connecting (yes/no/[fingerprint])?
+ Are you sure you want to continue connecting (yes/no/[fingerprint])?
The issue is known and fixed in systemd v246.
https://github.com/systemd/systemd/pull/16072
Best regards
Daniel
** Also affects: systemd (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: systemd (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1897744
Title:
VerifyHostKeyDNS not working due to missing trust-ad flag
Status in systemd package in Ubuntu:
Fix Released
Status in systemd source package in Focal:
In Progress
Bug description:
[impact]
without trust-ad resolv.conf option, glibc will strip AD from systemd-
resolved responses. one thing this will prevent working is ssh/sftp
VerifyHostKeyDNS
[test case]
TBD
[regression potential]
regressions would likely involve DNS lookup failures, probably if
DNSSEC is enabled but possibly even without, and likely when the
application requesting the dns lookup processes the response AD.
[scope]
this is needed only in focal.
glibc first stripped the AD in version 2.31, so this is not needed in
bionic or earlier.
this was added upstream in commit a742f9828ea which was included in
v246, so this is fixed already in groovy.
[original description]
Hi,
1)
Description: Ubuntu 20.04.1 LTS
Release: 20.04
2)
systemd: 245.4-4ubuntu3.2
3)
I set VerifyHostKeyDNS to YES and hosts are automatically verified via sshfp.
4)
I still get the security question
Matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
The issue is known and fixed in systemd v246.
https://github.com/systemd/systemd/pull/16072
Best regards
Daniel
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1897744/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
