Open ghost opened 2 years ago
It's a DNS lookup error which means target can't be found
> It's a DNS lookup error which means target can't be found
The debug log specifically said getrrsetbyname is not supported in this Windows build of OpenSSH, thus it is unable to verify the SSHFP record.
Yes, getrrsetbyname is not supported in win32 openssh. We don't have any plans to implement this in future.
I know this is an old issue and reviving the dead gives bad mojo, but since it's not closed and this is still an issue in current Win32 OpenSSH:
> Yes, getrrsetbyname is not supported in win32 openssh. We don't have any plans to implement this in future.

Could you please at least elaborate why it won't be implemented? SSHFP has been around for quite a while already and it would be really nice to actually be able to also use it from Windows. I mean it basically works on all the other operating systems. Please be nice to people who are stuck on Windows. :)
`getrrsetbyname` is a BSD function and unavailable outside BSD systems. So even on Linux it cannot be used for DNSSEC/SSHFP validation. On portable OpenSSH builds, DNSSEC validation can be achieved only if the client is built with LDNS library (https://www.nlnetlabs.nl/projects/ldns/) support (like `./configure --with-ldns`), so the main blocker is porting the LDNS library to Windows and statically building it into the ssh client.
Had some major issues getting this to work. Eventually managed to make it work in Linux by using systemd-resolved, only to find out Windows doesn't support this feature 😒
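An added example, not part of the thread or of the Win32-OpenSSH project: what the SSHFP match amounts to, done by hand for a client that cannot do the lookup itself. An SSHFP fingerprint is a hash of the host's public key blob, so a key line (as found in a `.pub` file) can be compared with the record text. The function names and the sample key are constructed for illustration, and the code performs no DNSSEC validation, so the record text has to come from a resolver you trust to validate it.

```python
import base64
import hashlib

# SSHFP key algorithm numbers (RFC 4255, RFC 6594, RFC 7479)
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
            "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3, "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256
FP_HASHES = {1: hashlib.sha1, 2: hashlib.sha256}

def sshfp_from_pubkey(pubkey_line, fp_type=2):
    """Return (algorithm, fp_type, hex fingerprint) for a 'type base64 [comment]' key line."""
    key_type, blob_b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(blob_b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; reject mismatches.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return KEY_ALGS[key_type], fp_type, FP_HASHES[fp_type](blob).hexdigest()

def parse_sshfp(rr_text):
    """Parse '<alg> <type> <hex>' or a full zone-file line containing 'SSHFP'."""
    fields = rr_text.split()
    if "SSHFP" in fields:
        fields = fields[fields.index("SSHFP") + 1:]
    # Hex digits may be upper case or split by whitespace in presentation format.
    return int(fields[0]), int(fields[1]), "".join(fields[2:]).lower()

def host_key_matches(pubkey_line, rr_lines):
    """True if any SSHFP record matches the key's algorithm and fingerprint."""
    for rr in rr_lines:
        alg, fp_type, fp = parse_sshfp(rr)
        if fp_type not in FP_HASHES:
            continue  # unknown fingerprint type: cannot be checked, so skip it
        if (alg, fp_type, fp) == sshfp_from_pubkey(pubkey_line, fp_type):
            return True
    return False

def constructed_key_line():
    """Constructed sample only: an ed25519-shaped blob, not a real host key."""
    name = b"ssh-ed25519"
    blob = len(name).to_bytes(4, "big") + name + (32).to_bytes(4, "big") + bytes(range(32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    key = constructed_key_line()
    alg, typ, fp = sshfp_from_pubkey(key)
    record = f"host.example. IN SSHFP {alg} {typ} {fp}"
    print(record, "->", host_key_matches(key, [record]))
```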
Troubleshooting steps https://github.com/PowerShell/Win32-OpenSSH/wiki/Troubleshooting-Steps
Terminal issue? please go through wiki https://github.com/PowerShell/Win32-OpenSSH/wiki/TTY-PTY-support-in-Windows-OpenSSH
Please answer the following
"OpenSSH for Windows" version
8.1.0.1
Server OperatingSystem
Debian GNU/Linux 11 (bullseye) x86_64
Client OperatingSystem
Windows 10 Education
What is failing
Unable to use SSHFP Records to Verify SSH Host Keys.
Expected output
Matching host key fingerprint found in DNS.
Which is what I get from OpenSSH client inside Ubuntu WSL.
Actual output