The update to OpenSSH 6.5p1 (r261320) removed FreeBSD's customization to use the canonical hostname (FQDN) in the known_hosts file. Was this intentional? Could it be restored? Conveniently, patch-ssh.c from security/openssh-portable applies cleanly to releng/10.1 (and to head, I expect). The new CanonicalizeHostname and related options can be used to get the old behavior, but only by manually configuring the DNS search path in an ssh client config file. It would be unfortunate if this were required in order to preserve the long-standing behavior.
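For reference, the client-side configuration the report refers to looks roughly like this. It is an added example, not part of the original report or of FreeBSD's patch, and the domain names are placeholders:

```sshconfig
# ~/.ssh/config (or /etc/ssh/ssh_config)
Host *
    # Rewrite a short name to its FQDN before the known_hosts lookup.
    CanonicalizeHostname yes

    # Suffixes to try, in order. ssh does not take these from the
    # resolver's search path, so the list has to be maintained by hand.
    # corp.example.org and example.org are placeholder domains.
    CanonicalDomains corp.example.org example.org

    # Names with more than this many dots are not canonicalized (default 1).
    CanonicalizeMaxDots 1

    # If no suffix resolves, fall back to the system resolver's search
    # rules (default yes); "no" makes ssh fail instead.
    CanonicalizeFallbackLocal yes
```

With this in place, a short name that resolves under one of the listed domains is looked up in known_hosts by its FQDN.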
DES, any comments on this?
I remember discussing this out of band but I forgot to follow up. As far as I recall, the patch was removed because upstream introduced a similar mechanism, but apparently it is not entirely equivalent. Since 10.2 is right around the corner and has the same issue, I guess the simplest solution is to adopt the patch from the port and revisit the issue later.
Dag-Erling's memory is correct.
https://lists.freebsd.org/pipermail/freebsd-stable/2015-April/082206.html
https://lists.freebsd.org/pipermail/freebsd-stable/2015-February/081813.html
It would be _very_ nice to apply the patch from the port before 10.2. I'll try, but I'm still recovering from a cross-country relocation and don't have my environments set up.
https://reviews.freebsd.org/D3103
A commit references this bug:

Author: vangyzen
Date: Thu Jul 16 18:44:19 UTC 2015
New revision: 285642
URL: https://svnweb.freebsd.org/changeset/base/285642

Log:
  ssh: canonicize the host name before looking it up in the host file

  Re-apply r99054 by des in 2002. This was accidentally dropped
  by the update to OpenSSH 6.5p1 (r261320).

  This change is actually taken from r387082 of
  ports/security/openssh-portable/files/patch-ssh.c

  PR: 198043
  Differential Revision: https://reviews.freebsd.org/D3103
  Reviewed by: des
  Approved by: kib (mentor)
  MFC after: 3 days
  Relnotes: yes
  Sponsored by: Dell Inc.

Changes:
  head/crypto/openssh/ssh.c
A commit references this bug:

Author: vangyzen
Date: Tue Jul 21 14:36:34 UTC 2015
New revision: 285750
URL: https://svnweb.freebsd.org/changeset/base/285750

Log:
  MFC r285642

  ssh: canonicize the host name before looking it up in the host file

  Re-apply r99054 by des in 2002. This was accidentally dropped
  by the update to OpenSSH 6.5p1 (r261320).

  This change is actually taken from r387082 of
  ports/security/openssh-portable/files/patch-ssh.c

  Differential Revision: https://reviews.freebsd.org/D3103
  PR: 198043
  Approved by: re (gjb), kib (mentor)
  Sponsored by: Dell Inc.
  Relnotes: yes

Changes:
_U  stable/10/
  stable/10/crypto/openssh/ssh.c
A commit references this bug:

Author: vangyzen
Date: Tue Jul 21 18:54:39 UTC 2015
New revision: 285763
URL: https://svnweb.freebsd.org/changeset/base/285763

Log:
  MFC r285642

  ssh: canonicize the host name before looking it up in the host file

  Re-apply r99054 by des in 2002. This was accidentally dropped
  by the update to OpenSSH 6.5p1 (r261320).

  This change is actually taken from r387082 of
  ports/security/openssh-portable/files/patch-ssh.c

  Differential Revision: https://reviews.freebsd.org/D3103
  PR: 198043
  Approved by: kib (mentor)
  Sponsored by: Dell Inc.
  Relnotes: yes

Changes:
_U  stable/9/crypto/openssh/
  stable/9/crypto/openssh/ssh.c