[Touch-packages] [Bug 1687482] [NEW] -4 flag doesn't work
Public bug reported:

Whenever I use the -4 flag on ssh, it still uses the ipv6 address from dns instead of forcing ipv4 like it says it is supposed to do in the man page.

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1687482

Title:
  -4 flag doesn't work

Status in openssh package in Ubuntu:
  New

Bug description:
  Whenever I use the -4 flag on ssh, it still uses the ipv6 address from dns instead of forcing ipv4 like it says it is supposed to do in the man page.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1687482/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687482] Re: -4 flag doesn't work
I've figured out that it is caused by this line in /etc/ssh/ssh_config

  ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h

This was put there by the freeipa installer (ipa-client-install), so I guess this is a freeipa or sssd bug.

Status in openssh package in Ubuntu:
  Incomplete
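A check for the situation this message describes, added here as an example and not part of the original thread or of OpenSSH, FreeIPA or sssd: when a ProxyCommand is in effect, ssh runs that command instead of opening the TCP connection itself, so -4 only constrains the connection if the proxy command honours it. The function name and the two abridged `ssh -G` outputs are constructed for illustration.

```shell
#!/bin/sh
# Decide from `ssh -G` output (the effective client configuration) whether
# ssh opens the connection itself or hands it to a ProxyCommand.

# Constructed sample: abridged `ssh -4 -G sake` output on a client whose
# /etc/ssh/ssh_config carries the ProxyCommand line quoted in the thread.
SAMPLE_PROXY='user bryceml
hostname sake
port 22
addressfamily inet
proxycommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h'

# Constructed sample: the same host with no ProxyCommand configured.
SAMPLE_DIRECT='user bryceml
hostname sake
port 22
addressfamily inet'

# Reads `ssh -G` output on stdin and prints one verdict line:
#   "proxied af=<family> cmd=<command>"  ssh does not connect itself
#   "direct af=<family>"                 ssh connects and applies the family
address_family_verdict() {
    awk '
        $1 == "addressfamily" { af = $2 }
        $1 == "proxycommand"  { sub(/^[^ ]+ +/, ""); pc = $0 }
        END {
            if (af == "") af = "any"
            # "ProxyCommand none" disables proxying, so treat it as direct.
            if (pc != "" && tolower(pc) != "none")
                printf "proxied af=%s cmd=%s\n", af, pc
            else
                printf "direct af=%s\n", af
        }'
}

# Live use on a client: ssh -4 -G sake | address_family_verdict
printf '%s\n' "$SAMPLE_PROXY"  | address_family_verdict
printf '%s\n' "$SAMPLE_DIRECT" | address_family_verdict
```

A "proxied" verdict with `af=inet` is the combination reported in this bug: the option is parsed, but the connection is made by the helper.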
[Touch-packages] [Bug 1687482] Re: -4 flag doesn't work
Although it could still be a bug in ssh if ssh doesn't do ProxyCommand correctly.
[Touch-packages] [Bug 1687482] Re: -4 flag doesn't work
I'm running xenial. After I saw your comment I tried it on zesty and have yet to run into this bug on zesty. I haven't tried in the same environment yet though, I can try that later this week as well as get an apport-collect done.

As you can see below, the last login reports an ipv6 address. I verified it is using ipv6 using iftop as well. I also tried your trivial case and the same thing happened. We are running freeipa, I don't know if that would have an effect or not.

If it's fixed in zesty, is there any way to get the same fix into xenial?

bryceml@ratpoison:~$ ssh -4 sake
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-75-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

0 packages can be updated.
0 updates are security updates.

Last login: Tue May 2 08:50:11 2017 from 2620:10f:3007:a068:1a66:daff:fe1f:a85
bryceml@sake:~$ logout
Connection to sake closed.
bryceml@ratpoison:~$ ssh -4 sake
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-75-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

0 packages can be updated.
0 updates are security updates.

Last login: Tue May 2 08:50:27 2017 from 2620:10f:3007:a068:1a66:daff:fe1f:a85
bryceml@sake:~$ host sake
sake.cs.byu.edu has address 192.168.168.107
sake.cs.byu.edu has IPv6 address 2620:10f:3007:a068:1a66:daff:fe1f:d96f
bryceml@sake:~$

bryceml@ratpoison:~$ ssh -4 ip6-localhost
The authenticity of host 'ip6-localhost ()' can't be established.
ECDSA key fingerprint is SHA256:nhU3sXqrZoF3zNUxlWAfuLebsMSFhRuycFFWHlL2RRY.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ip6-localhost' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-75-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

0 packages can be updated.
0 updates are security updates.

Last login: Tue May 2 08:43:46 2017 from 2620:10f:3007:a080:1a66:daff:fe1f:1057
bryceml@ratpoison:~$ logout
Connection to ip6-localhost closed.
bryceml@ratpoison:~$ ssh -4 ip6-localhost
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-75-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

0 packages can be updated.
0 updates are security updates.

Last login: Tue May 2 08:57:16 2017 from ::1
bryceml@ratpoison:~$
[Touch-packages] [Bug 1719062] [NEW] systemd-resolved malformed packet on cert dns lookup
Public bug reported:

systemd-resolved returns a malformed packet when looking up an openpgp key (via a cert record rfc4398) from my internal authoritative dns server.

The command I used was

  gpg2 -v --auto-key-locate=clear,cert,local --locate-keys [Email Address]

This works correctly if I change /etc/resolv.conf symlink to point at /run/systemd/resolve/resolv.conf so that it doesn't use the local systemd-resolved resolver/cache instead of /run/resolvconf/resolv.conf

I'm including a wireshark capture of the malformed packet (filtered for 127.0.0.53). I noticed that this was over udp. If I recall correctly, cert records are usually big enough that they require using tcp.

Description:    Ubuntu Artful Aardvark (development branch)
Release:        17.10

systemd:
  Installed: 233-8ubuntu3
  Candidate: 233-8ubuntu3

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "bug.pcapng"
   https://bugs.launchpad.net/bugs/1719062/+attachment/4955485/+files/bug.pcapng

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1719062

Title:
  systemd-resolved malformed packet on cert dns lookup

Status in systemd package in Ubuntu:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1719062/+subscriptions
[Touch-packages] [Bug 1719062] Re: systemd-resolved malformed packet on cert dns lookup
To clarify, having dig request it from systemd-resolved works. Having dig request it directly from the server also works.
[Touch-packages] [Bug 1719062] Re: systemd-resolved malformed packet on cert dns lookup
I have upgraded to version 234-2ubuntu10. It doesn't make a difference. I double checked and requested the key (cert record) using dig and it works just fine, no malformed packet. It's only when gpg2 requests it combined with systemd-resolved where there is a problem as far as I can tell.