Bug 217925 - OpenSSH does not look up IP addresses properly
OpenSSH does not look up IP addresses properly
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2006-11-30 14:49 EST by Eli Barzilay
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-09-24 15:13:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Eli Barzilay 2006-11-30 14:49:18 EST
Description of problem:

Version-Release number of selected component (if applicable):

How reproducible:
* Always

Steps to Reproduce:
1. Set up a machine `foo.org' that is also known as `bar.com' (through a
   CNAME entry)
2. on the machine, run "ssh bar.com pwd"
3. look in /var/log/secure
Actual results:
* The log file will have a bogus alert saying:
    Address <your-ip> maps to foo.org, but this does not map back to the

Expected results:
* Not expecting any alerts

Additional info:
  This error message comes from `get_remote_hostname' in "canohost.c" in the
  openssh source.  I traced some of it, and it looks like it gets to do a
  lookup for your real name ("foo.org" in the above example), and that returns
  "", which is different from "<your-actual-ip>".  You can see that
  by printing the values of `ntop' and `ntop2' (before their comparison fails)
  and see that the first is your IP address, and the second is "".
Comment 1 Tomas Mraz 2006-11-30 15:21:41 EST
You probably have foo.org in /etc/hosts with the entry.

Otherwise <your-actual-ip> should be returned.
Comment 2 Eli Barzilay 2006-11-30 16:02:33 EST
My entry in /etc/hosts looks like this:

  # Do not remove the following line, or various programs
  # that require network functionality will fail.	foo foo.org localhost.localdomain localhost
  ::1		foo foo.org localhost.localdomain localhost

Are you saying that it should *not* have "foo" and "foo.org" in there?
(That does seems to make the alert message go away, but the comment at the
beginning of the hosts file makes me worried.  I'm not the one who wrote it.)
Comment 3 Tomas Mraz 2007-09-24 15:13:23 EDT
It is written by anaconda during install but when you have actual non localhost
IP the foo and foo.org should be removed manually from these lines and another
entries with the actual IP address should be added.
Comment 4 Eli Barzilay 2007-09-24 15:25:10 EDT
It would be a *very* good idea to make the generated comment
explain all that.  Or at least refer to some url where it is
Comment 5 Charles R. Anderson 2007-09-27 16:03:25 EDT
Wouldn't this same problem occur if you had multiple IP addresses on the same
Comment 6 Tomas Mraz 2007-09-27 17:41:37 EDT
Only if all of them reverse mapped to a single DNS name and that is clearly
broken setup.

Here the problem is that reverse mapping for external IP maps to foo.org but it
resolves to and not the external IP.
Comment 7 Charles R. Anderson 2007-09-27 18:51:55 EDT
Even if you have an IPv4 and IPv6 address reverse to a single DNS name?

Note You need to log in before you can comment on or make changes to this bug.