From owner-freebsd-bugbusters@FreeBSD.ORG Tue Aug 13 02:04:29 2013 Return-Path: Delivered-To: bugbusters@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id DA7809AB for ; Tue, 13 Aug 2013 02:04:29 +0000 (UTC) (envelope-from gnn@neville-neil.com) Received: from vps.hungerhost.com (vps.hungerhost.com [216.38.53.176]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id B105D2C9C for ; Tue, 13 Aug 2013 02:04:29 +0000 (UTC) Received: from [206.217.92.186] (port=1514 helo=[192.168.252.12]) by vps.hungerhost.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.80.1) (envelope-from ) id 1V93yG-0002nH-3F for bugbusters@freebsd.org; Mon, 12 Aug 2013 22:04:28 -0400 From: George Neville-Neil Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Subject: Question about our current PR system... Message-Id: <5793604E-5A9D-4FA4-9996-9A85CD560EEA@neville-neil.com> Date: Mon, 12 Aug 2013 22:04:27 -0400 To: bugbusters@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\)) X-Mailer: Apple Mail (2.1508) X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - vps.hungerhost.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - neville-neil.com X-Get-Message-Sender-Via: vps.hungerhost.com: authenticated_id: gnn@neville-neil.com X-BeenThere: freebsd-bugbusters@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Coordination of the Problem Report handling effort." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Aug 2013 02:04:29 -0000 Quick question. Why is the "Submit Followup" link in tiny text at the = bottom of the PR. It would be very helpful if a) it were at both the top and bottom of the page and = b) it was written in large, friendly, letters. Thanks, George From owner-freebsd-bugbusters@FreeBSD.ORG Tue Aug 13 12:14:36 2013 Return-Path: Delivered-To: bugbusters@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id EC286ACB for ; Tue, 13 Aug 2013 12:14:36 +0000 (UTC) (envelope-from lists@eitanadler.com) Received: from mail-pd0-x22b.google.com (mail-pd0-x22b.google.com [IPv6:2607:f8b0:400e:c02::22b]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id C348A21B0 for ; Tue, 13 Aug 2013 12:14:36 +0000 (UTC) Received: by mail-pd0-f171.google.com with SMTP id g10so4808286pdj.16 for ; Tue, 13 Aug 2013 05:14:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eitanadler.com; s=0xdeadbeef; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=mnOYS0GDAvOXcUOWsCT90xsv5+d9CHXI/YtJ2MzaEz0=; b=YBdYHS0JFF3+Chbe91C7wjD8J98vAVEAe39+AYAGGQ5WsaF0EE4nklnLfowgqORMcF FdmZVsJd9Uxg8ID+IBCjkwjoEKA/vGJsWUokgPmSx33/RiUMrlpxAGq4X2KPd/BKOqkR nAkHgloTDMBw/RtV0j5iMGFdvPnTw7EKKfab0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=mnOYS0GDAvOXcUOWsCT90xsv5+d9CHXI/YtJ2MzaEz0=; b=FRxEstUADev4oT196i56ayhQlJaY58leGkyBq9lZJsFVN1j33sg5JlNf3se5EoM/NU dPg9g8/dPlOAVBs+3cEdT2ko/y2ea967Ng5+lC4oDpcH+CHrIaXSwYtHprQ57LPBJ/eY vJZ+cxTWFKm6pWoWUZP85S0glEA1tJaFkE79Ljh3lHdaU8YjThanijOR3Gve3pcFzlAX bHJW6yLEFsBnsWJZc++X0WlhwVMPEEYqcCdQBv6WDCKpkY63/DcW+pqH28i0o0W0W5sh i5DaI3nOUXDL4nvqUnSAdn56WQ1YG1tpjpnN0VQfpWY2xtbkd80UZxafLr1JrMuq+n38 nQDA== X-Gm-Message-State: ALoCoQn8smVtWpuCbcfczADmfQ0h4DZtYUIYkPDzNKXNwlGfoeBEz7b9/C2wgo14e0zJcymDyMlo X-Received: by 10.67.5.132 with SMTP id cm4mr1426869pad.186.1376396076386; Tue, 13 Aug 2013 05:14:36 -0700 (PDT) MIME-Version: 1.0 Received: by 10.70.6.3 with HTTP; Tue, 13 Aug 2013 05:14:06 -0700 (PDT) In-Reply-To: <5793604E-5A9D-4FA4-9996-9A85CD560EEA@neville-neil.com> References: <5793604E-5A9D-4FA4-9996-9A85CD560EEA@neville-neil.com> From: Eitan Adler Date: Tue, 13 Aug 2013 14:14:06 +0200 Message-ID: Subject: Re: Question about our current PR system... To: George Neville-Neil Content-Type: text/plain; charset=UTF-8 Cc: bugbusters@freebsd.org X-BeenThere: freebsd-bugbusters@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Coordination of the Problem Report handling effort." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Aug 2013 12:14:37 -0000 On Tue, Aug 13, 2013 at 4:04 AM, George Neville-Neil wrote: > Quick question. Why is the "Submit Followup" link in tiny text at the bottom of the PR. It would > be very helpful if a) it were at both the top and bottom of the page and b) it was written in large, > friendly, letters. I agree. I've lately been mostly focused on the new bug tracking system and do not give much time to GNATS. Unfortunately this is taking longer than planned, but progress is being made. -- Eitan Adler From owner-freebsd-bugbusters@FreeBSD.ORG Tue Aug 13 12:18:49 2013 Return-Path: Delivered-To: bugbusters@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 0E15BB8B for ; Tue, 13 Aug 2013 12:18:49 +0000 (UTC) (envelope-from gnn@neville-neil.com) Received: from vps.hungerhost.com (vps.hungerhost.com [216.38.53.176]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id D7D1721FC for ; Tue, 13 Aug 2013 12:18:48 +0000 (UTC) Received: from [209.249.190.124] (port=59604 helo=gnnmac.hudson-trading.com) by vps.hungerhost.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.80.1) (envelope-from ) id 1V9DXh-0003KQ-HZ; Tue, 13 Aug 2013 08:17:43 -0400 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\)) Subject: Re: Question about our current PR system... From: George Neville-Neil In-Reply-To: Date: Tue, 13 Aug 2013 08:17:43 -0400 Content-Transfer-Encoding: quoted-printable Message-Id: <67CB244E-DB28-44AB-AF36-7FB0B58AC522@neville-neil.com> References: <5793604E-5A9D-4FA4-9996-9A85CD560EEA@neville-neil.com> To: Eitan Adler X-Mailer: Apple Mail (2.1508) X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - vps.hungerhost.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - neville-neil.com X-Get-Message-Sender-Via: vps.hungerhost.com: authenticated_id: gnn@neville-neil.com Cc: bugbusters@freebsd.org X-BeenThere: freebsd-bugbusters@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Coordination of the Problem Report handling effort." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Aug 2013 12:18:49 -0000 On Aug 13, 2013, at 8:14 , Eitan Adler wrote: > On Tue, Aug 13, 2013 at 4:04 AM, George Neville-Neil > wrote: >> Quick question. Why is the "Submit Followup" link in tiny text at = the bottom of the PR. It would >> be very helpful if a) it were at both the top and bottom of the page = and b) it was written in large, >> friendly, letters. >=20 > I agree. I've lately been mostly focused on the new bug tracking > system and do not give much time to GNATS. >=20 That's fine, but if it's a quick fix it would be much appreciated. > Unfortunately this is taking longer than planned, but progress is = being made. >=20 Sounds good. Best, George From owner-freebsd-bugbusters@FreeBSD.ORG Thu Aug 15 14:00:44 2013 Return-Path: Delivered-To: bugbusters@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 61F9DFF3 for ; Thu, 15 Aug 2013 14:00:44 +0000 (UTC) (envelope-from holz@net.in.tum.de) Received: from smtp.serverkommune.de (serverkommune.de [176.9.61.43]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 1F8582241 for ; Thu, 15 Aug 2013 14:00:43 +0000 (UTC) Received: by smtp.serverkommune.de (Postfix, from userid 5001) id AE23580763; Thu, 15 Aug 2013 15:54:21 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on ex6.serverkommune.de X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.3.1 Received: from [192.168.178.34] (ex6.serverkommune.de [176.9.61.43]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.serverkommune.de (Postfix) with ESMTPSA id 691FD806F2 for ; Thu, 15 Aug 2013 15:54:20 +0200 (CEST) Message-ID: <520CDDB5.8080307@net.in.tum.de> Date: Thu, 15 Aug 2013 15:55:01 +0200 From: Ralph Holz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 MIME-Version: 1.0 To: bugbusters@FreeBSD.org Subject: Wrong SSHFP on FreeBSD servers X-Enigmail-Version: 1.5.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Virus-Scanned: clamav-milter 0.97.8 at ex6 X-Virus-Status: Clean X-BeenThere: freebsd-bugbusters@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Coordination of the Problem Report handling effort." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Aug 2013 14:00:44 -0000 Dear FreeBSD team, I am not sure if I got the right mail address, but nevertheless: A routine scan of SSH and DNS has marked the following of your domains as presenting inaccurate SSHFP resource records. Can you confirm this? I don't think it's a serious problem - no one seems to use these RR and we only found 3 (!) accurate RRs in our database... but still, I thought you might like to know. Thanks, Ralph pkg-master.freebsd.org ref8-amd64.freebsd.org admin0.nyi.freebsd.org routerer.freebsd.org portsmon.freebsd.org nova.freebsd.org bake.isc.freebsd.org admbas1.isc.freebsd.org package2.nyi.freebsd.org admbas1.nyi.freebsd.org vcs.nyi.freebsd.org admauth0.isc.freebsd.org repo.freebsd.org package17.nyi.freebsd.org admin1.nyi.freebsd.org igw0.bme.freebsd.org admin.bme.freebsd.org package12.nyi.freebsd.org bgp0-ext.ysv.freebsd.org ps.isc.freebsd.org gohan13.freebsd.org beefy1.isc.freebsd.org gohan12.freebsd.org igw1.isc.freebsd.org package5.nyi.freebsd.org admauth1.nyi.freebsd.org admauth1.isc.freebsd.org gohan61.freebsd.org ref9-amd64.freebsd.org vm0.freebsd.org package11.nyi.freebsd.org pkg-mirror0.nyi.freebsd.org repoman2.freebsd.org admin.isc.freebsd.org gohan10.freebsd.org snap.freebsd.org skunkworks.freebsd.org mailspool.freebsd.org bhyve.freebsd.org stream.freebsd.org admauth0.nyi.freebsd.org bbig.ysv.freebsd.org stench.freebsd.org package9.nyi.freebsd.org ref10-amd64.freebsd.org pb2.nyi.freebsd.org package13.nyi.freebsd.org halo.freebsd.org ref10-i386.freebsd.org ray.bme.freebsd.org beefy2.isc.freebsd.org mailhub.freebsd.org igw1.bme.freebsd.org routerer-ext.ysv.freebsd.org pointyhat-east.nyi.freebsd.org nbk0.nyi.freebsd.org pluto.freebsd.org admbas0.isc.freebsd.org cook.isc.freebsd.org worm.freebsd.org package8.nyi.freebsd.org ybk.ysv.freebsd.org bgp0.ysv.freebsd.org igw0.isc.freebsd.org svn.freebsd.org package4.nyi.freebsd.org flame.freebsd.org foundation.freebsd.org freefall.freebsd.org service2.freebsd.org fif0.nyi.freebsd.org package14.nyi.freebsd.org package3.nyi.freebsd.org bit-master.freebsd.org package16.nyi.freebsd.org igw0.nyi.freebsd.org portsindexbuild.ysv.freebsd.org routerest-ext.ysv.freebsd.org -- Ralph Holz I8 - Network Architectures and Services Technische Universität München http://www.net.in.tum.de/de/mitarbeiter/holz/ Phone +49.89.289.18043 PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF From owner-freebsd-bugbusters@FreeBSD.ORG Thu Aug 15 17:28:40 2013 Return-Path: Delivered-To: bugbusters@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id F3A884B3 for ; Thu, 15 Aug 2013 17:28:39 +0000 (UTC) (envelope-from gavin@FreeBSD.org) Received: from mail-gw13.york.ac.uk (mail-gw13.york.ac.uk [144.32.129.163]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id B98912E0C for ; Thu, 15 Aug 2013 17:28:39 +0000 (UTC) Received: from ury.york.ac.uk ([144.32.64.162]:60366) by mail-gw13.york.ac.uk with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from ) id 1VA1FR-0006lx-Uv; Thu, 15 Aug 2013 18:22:09 +0100 Date: Thu, 15 Aug 2013 18:22:09 +0100 (BST) From: Gavin Atkinson X-X-Sender: gavin@thunderhorn.york.ac.uk To: Ralph Holz Subject: Re: Wrong SSHFP on FreeBSD servers In-Reply-To: <520CDDB5.8080307@net.in.tum.de> Message-ID: References: <520CDDB5.8080307@net.in.tum.de> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="830102327-783095124-1376587329=:88779" Cc: bugbusters@freebsd.org X-BeenThere: freebsd-bugbusters@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Coordination of the Problem Report handling effort." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Aug 2013 17:28:40 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --830102327-783095124-1376587329=:88779 Content-Type: TEXT/PLAIN; charset=iso-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE On Thu, 15 Aug 2013, Ralph Holz wrote: > Dear FreeBSD team, >=20 > I am not sure if I got the right mail address, but nevertheless: It's not the right email address, but I'll see if I can help - and if=20 not, I'll forward your email on to the right people. > A routine scan of SSH and DNS has marked the following of your domains > as presenting inaccurate SSHFP resource records. Can you confirm this? As far as I can tell, the records are correct. I'd be interested in=20 knowing why you think they are wrong... Just picking the top three from your list: > pkg-master.freebsd.org > ref8-amd64.freebsd.org > admin0.nyi.freebsd.org gavin@freefall:/home/gavin 101% dig sshfp pkg-master.freebsd.org [...] pkg-master.freebsd.org. 2925 IN SSHFP 1 1 F9649EA3087196CEC3E95A3= D57F2D9FE2C2BAA51 pkg-master.freebsd.org. 2925 IN SSHFP 1 2 646A119A9822F1FDBD43CE7= 37B61AED68909CF7A6DB967D34CDDD2DA 4F65FF93 pkg-master.freebsd.org. 2925 IN SSHFP 2 1 7764B5F462C11EA20AF9BA2= 84DC9D64F2FBCED98 pkg-master.freebsd.org. 2925 IN SSHFP 2 2 A6E58FF7F28C17FAFD1AF95= 31FACF8F7C5E03B7FF2D3503731B93BF9 393C2171 pkg-master.freebsd.org. 2925 IN SSHFP 3 1 D2A7DA2E3D1D2C2533544CB= 3BAEC9F8BFDB17010 pkg-master.freebsd.org. 2925 IN SSHFP 3 2 79CB56F5E0693F1A691ABBA= 5A40BB2A0DC3EEC50F24AF82AFB7050AB E7D1AD44 (and logged onto pkg-master.freebsd.org:) > ssh-keygen -r localhost localhost IN SSHFP 1 1 f9649ea3087196cec3e95a3d57f2d9fe2c2baa51 localhost IN SSHFP 1 2 646a119a9822f1fdbd43ce737b61aed68909cf7a6db967d34cdd= d2da4f65ff93 localhost IN SSHFP 2 1 7764b5f462c11ea20af9ba284dc9d64f2fbced98 localhost IN SSHFP 2 2 a6e58ff7f28c17fafd1af9531facf8f7c5e03b7ff2d3503731b9= 3bf9393c2171 localhost IN SSHFP 3 1 d2a7da2e3d1d2c2533544cb3baec9f8bfdb17010 localhost IN SSHFP 3 2 79cb56f5e0693f1a691abba5a40bb2a0dc3eec50f24af82afb70= 50abe7d1ad44 gavin@freefall:/home/gavin 102% dig sshfp ref8-amd64.freebsd.org [...] ;; ANSWER SECTION: ref8-amd64.freebsd.org. 3600 IN SSHFP 1 1 70892BE73E725D8F93F7931= 4FF17B415B7FEFA53 ref8-amd64.freebsd.org. 3600 IN SSHFP 1 2 011C80E6248A613542745BB= 6648FAF7F7798494B9E545AD7FEC1186F 5F89E97C ref8-amd64.freebsd.org. 3600 IN SSHFP 2 1 9B54EB4DAAEFDD5BD757881= F39488DD66727ACAB ref8-amd64.freebsd.org. 3600 IN SSHFP 2 2 58FC35CD7049012DAE97DD7= EC903354156CBE737C76E8C59444EAAB1 A9398906 ref8-amd64.freebsd.org. 3600 IN SSHFP 3 1 739DE449007C61783777EF0= 7024C503071B3849A ref8-amd64.freebsd.org. 3600 IN SSHFP 3 2 EF09E85770695C4C24A3F01= 71457CE72388112DD9236115FF1DE7191 8CD6B10A (and logged onto ref8-amd64.freebsd.org:) 104% ssh-keygen -r localhost localhost IN SSHFP 1 1 70892be73e725d8f93f79314ff17b415b7fefa53 localhost IN SSHFP 1 2 011c80e6248a613542745bb6648faf7f7798494b9e545ad7fec1= 186f5f89e97c localhost IN SSHFP 2 1 9b54eb4daaefdd5bd757881f39488dd66727acab localhost IN SSHFP 2 2 58fc35cd7049012dae97dd7ec903354156cbe737c76e8c59444e= aab1a9398906 localhost IN SSHFP 3 1 739de449007c61783777ef07024c503071b3849a localhost IN SSHFP 3 2 ef09e85770695c4c24a3f0171457ce72388112dd9236115ff1de= 71918cd6b10a gavin@freefall:/home/gavin 103% dig sshfp admin0.nyi.freebsd.org [...] ;; ANSWER SECTION: admin0.nyi.freebsd.org. 3600 IN SSHFP 1 1 623FA95A5F643A5943BF36F= 7719287616492E28B admin0.nyi.freebsd.org. 3600 IN SSHFP 1 2 1059CC96B56DBD2CD23454A= E4F5C74BCD145EF27FE8B06659083F866 8CAB0589 admin0.nyi.freebsd.org. 3600 IN SSHFP 2 1 35944945A1FAA03DD28CF4A= 0E1FBB157EB9F9683 admin0.nyi.freebsd.org. 3600 IN SSHFP 2 2 7B6A17F76E302013F0F7525= 1E7E50650BC9B9E0AE5CB44CE57C07F66 369CE622 admin0.nyi.freebsd.org. 3600 IN SSHFP 3 1 F88889BB1BF296EF887FE16= EBCC00F7CB0687D5D admin0.nyi.freebsd.org. 3600 IN SSHFP 3 2 4F0077E3DEFF1545105C24C= 95B8D128D14235ACA66B4C9E2166CBBBB 63F88AA4 (and logged onto admin0.nyi.freebsd.org:) localhost IN SSHFP 1 1 623fa95a5f643a5943bf36f7719287616492e28b localhost IN SSHFP 1 2 1059cc96b56dbd2cd23454ae4f5c74bcd145ef27fe8b06659083= f8668cab0589 localhost IN SSHFP 2 1 35944945a1faa03dd28cf4a0e1fbb157eb9f9683 localhost IN SSHFP 2 2 7b6a17f76e302013f0f75251e7e50650bc9b9e0ae5cb44ce57c0= 7f66369ce622 localhost IN SSHFP 3 1 f88889bb1bf296ef887fe16ebcc00f7cb0687d5d localhost IN SSHFP 3 2 4f0077e3deff1545105c24c95b8d128d14235aca66b4c9e2166c= bbbb63f88aa4 All three appear to match up. > I don't think it's a serious problem - no one seems to use these RR and > we only found 3 (!) accurate RRs in our database... but still, I thought > you might like to know. Heh. We're actually using SSHFP (and DANE) now quite heavily - at least,= =20 we're trying to publish records for everythign. I have no idea how many=20 users use them, though I suspect if there were issues people would have=20 complained by now. The fact that you have only found three accurate RRs suggests that maybe=20 the issue is at your end. Here's my theory: You're using "ssh-keygen -r",= =20 to generate your data, and misunderstanding exactly what the argument to=20 -r means. Note that the argument to -r is not "show me fingerprints for=20 this host" but "show me fingerprints for the host I'm logged into, with=20 DNS entries suitable for this host". Or, to put it another way (all run=20 from admin0.nyi.freebsd.org): > ssh-keygen -r admin0.nyi.freebsd.org |grep "SSHFP 1 1" admin0.nyi.freebsd.org IN SSHFP 1 1 623fa95a5f643a5943bf36f7719287616492e28= b > ssh-keygen -r ref8-amd64.freebsd.org | grep "SSHFP 1 1" ref8-amd64.freebsd.org IN SSHFP 1 1 623fa95a5f643a5943bf36f7719287616492e28= b > ssh-keygen -r pkg-master.freebsd.org | grep "SSHFP 1 1" pkg-master.freebsd.org IN SSHFP 1 1 623fa95a5f643a5943bf36f7719287616492e28= b i.e. all show the same fingerprint - that of the local machine. Let me=20 further guess: Are the only three accurate RRs in your database those of=20 the machines you are running the tests from? :-) Let me know if you get to the bottom of it, I am interested in the=20 outcome. Thanks, Gavin >=20 > Thanks, > Ralph >=20 > pkg-master.freebsd.org > ref8-amd64.freebsd.org > admin0.nyi.freebsd.org > routerer.freebsd.org > portsmon.freebsd.org > nova.freebsd.org > bake.isc.freebsd.org > admbas1.isc.freebsd.org > package2.nyi.freebsd.org > admbas1.nyi.freebsd.org > vcs.nyi.freebsd.org > admauth0.isc.freebsd.org > repo.freebsd.org > package17.nyi.freebsd.org > admin1.nyi.freebsd.org > igw0.bme.freebsd.org > admin.bme.freebsd.org > package12.nyi.freebsd.org > bgp0-ext.ysv.freebsd.org > ps.isc.freebsd.org > gohan13.freebsd.org > beefy1.isc.freebsd.org > gohan12.freebsd.org > igw1.isc.freebsd.org > package5.nyi.freebsd.org > admauth1.nyi.freebsd.org > admauth1.isc.freebsd.org > gohan61.freebsd.org > ref9-amd64.freebsd.org > vm0.freebsd.org > package11.nyi.freebsd.org > pkg-mirror0.nyi.freebsd.org > repoman2.freebsd.org > admin.isc.freebsd.org > gohan10.freebsd.org > snap.freebsd.org > skunkworks.freebsd.org > mailspool.freebsd.org > bhyve.freebsd.org > stream.freebsd.org > admauth0.nyi.freebsd.org > bbig.ysv.freebsd.org > stench.freebsd.org > package9.nyi.freebsd.org > ref10-amd64.freebsd.org > pb2.nyi.freebsd.org > package13.nyi.freebsd.org > halo.freebsd.org > ref10-i386.freebsd.org > ray.bme.freebsd.org > beefy2.isc.freebsd.org > mailhub.freebsd.org > igw1.bme.freebsd.org > routerer-ext.ysv.freebsd.org > pointyhat-east.nyi.freebsd.org > nbk0.nyi.freebsd.org > pluto.freebsd.org > admbas0.isc.freebsd.org > cook.isc.freebsd.org > worm.freebsd.org > package8.nyi.freebsd.org > ybk.ysv.freebsd.org > bgp0.ysv.freebsd.org > igw0.isc.freebsd.org > svn.freebsd.org > package4.nyi.freebsd.org > flame.freebsd.org > foundation.freebsd.org > freefall.freebsd.org > service2.freebsd.org > fif0.nyi.freebsd.org > package14.nyi.freebsd.org > package3.nyi.freebsd.org > bit-master.freebsd.org > package16.nyi.freebsd.org > igw0.nyi.freebsd.org > portsindexbuild.ysv.freebsd.org > routerest-ext.ysv.freebsd.org > --=20 > Ralph Holz > I8 - Network Architectures and Services > Technische Universit=E4t M=FCnchen > http://www.net.in.tum.de/de/mitarbeiter/holz/ > Phone +49.89.289.18043 > PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF > _______________________________________________ > freebsd-bugbusters@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-bugbusters > To unsubscribe, send any mail to "freebsd-bugbusters-unsubscribe@freebsd.= org" >=20 --830102327-783095124-1376587329=:88779-- From owner-freebsd-bugbusters@FreeBSD.ORG Thu Aug 15 21:40:16 2013 Return-Path: Delivered-To: bugbusters@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id AD245BA5; Thu, 15 Aug 2013 21:40:16 +0000 (UTC) (envelope-from holz@net.in.tum.de) Received: from smtp.serverkommune.de (serverkommune.de [176.9.61.43]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 68B352B79; Thu, 15 Aug 2013 21:40:15 +0000 (UTC) Received: by smtp.serverkommune.de (Postfix, from userid 5001) id 58965803A4; Thu, 15 Aug 2013 23:40:14 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on ex6.serverkommune.de X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.3.1 Received: from [192.168.178.34] (ex6.serverkommune.de [176.9.61.43]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.serverkommune.de (Postfix) with ESMTPSA id 83B7580047; Thu, 15 Aug 2013 23:40:13 +0200 (CEST) Message-ID: <520D4AE5.50805@net.in.tum.de> Date: Thu, 15 Aug 2013 23:40:53 +0200 From: Ralph Holz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 MIME-Version: 1.0 To: Gavin Atkinson , bugbusters@FreeBSD.org Subject: Re: Wrong SSHFP on FreeBSD servers References: <520CDDB5.8080307@net.in.tum.de> In-Reply-To: X-Enigmail-Version: 1.5.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Virus-Scanned: clamav-milter 0.97.8 at ex6 X-Virus-Status: Clean X-BeenThere: freebsd-bugbusters@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Coordination of the Problem Report handling effort." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Aug 2013 21:40:16 -0000 Hi Gavin, As an addendum to my last mail: I have just found out that the way the fingerprints are stored in SSHFP does not seem to reflect the same kind of hash value that is displayed to the user. Ouch. I had a too-simplistic conversion between the two - that must have been the source of the mismatch. I am going to investigate this tomorrow and must have a closer look at the SSHFP RFC. Sorry for the trouble! Ralph -- Ralph Holz I8 - Network Architectures and Services Technische Universität München http://www.net.in.tum.de/de/mitarbeiter/holz/ Phone +49.89.289.18043 PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF