** Description changed:
+ [impact]
+
+ without trust-ad resolv.conf option, glibc will strip AD from systemd-
+ resolved responses. one thing this will prevent working is ssh/sftp
+ VerifyHostKeyDNS
+
+ [test case]
+
+ TBD
+
+ [regression potential]
+
+ TBD
+
+ [scope]
+
+ this is needed only in focal.
+
+ glibc first stripped the AD in version 2.31, so this is not needed in
+ bionic or earlier.
+
+ this was added upstream in commit a742f9828ea which was included in
+ v246, so this is fixed already in groovy.
+
+ [original description]
+
Hi,
1)
Description: Ubuntu 20.04.1 LTS
Release: 20.04
2)
systemd: 245.4-4ubuntu3.2
3)
I set VerifyHostKeyDNS to YES and hosts are automatically verified via sshfp.
4)
I still get the security question
Matching host key fingerprint found in DNS.
- Are you sure you want to continue connecting (yes/no/[fingerprint])?
+ Are you sure you want to continue connecting (yes/no/[fingerprint])?
The issue is known and fixed in systemd v246.
https://github.com/systemd/systemd/pull/16072
Best regards
Daniel
** Also affects: systemd (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: systemd (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1897744
Title:
VerifyHostKeyDNS not working due to missing trust-ad flag
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1897744/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
