From: Eric van Gyzen
Date: Wed, 11 Feb 2015 22:14:00 -0500
To: stable@freebsd.org
Subject: Re: ssh known_hosts in 10.1
Message-ID: <54DC1A78.9010500@vangyzen.net>
In-Reply-To: <54DBD1C2.4000108@vangyzen.net>
List-Id: Production branch of FreeBSD source code

On 2/11/15 5:03 PM, Eric van Gyzen wrote:
> -stable:
>
> I just updated my workstation from 10.0 to 10.1.  Now, ssh is prompting
> me to accept host keys that I accepted long ago.  ssh is looking for the
> host key in known_hosts using the name given on the command line; it
> previously used the FQDN.  ssh-keygen -F confirms that known_hosts has
> the same key for the FQDN.
>
> If I recall correctly, using the FQDN in known_hosts was a FreeBSD
> customization.  Did this get dropped during the OpenSSH update?

As it turns out, OpenSSH 6.5 or 6.6 added a hostname canonicalization feature that--as I understand--should make FreeBSD's customization obsolete.  Based on the description in ssh_config, the following should behave as ssh did in 10.0:

    ssh -o 'CanonicalizeHostname yes' -o 'CanonicalizeFallbackLocal yes' short-name

However, it doesn't find the host key, because it's looking for the short-name, not the FQDN:

    The authenticity of host 'short-name (192.0.2.42)' can't be established.

Can anyone else confirm this behavior?

Eric
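
Added example, not part of the message above and not OpenSSH code: a small Python lookup over known_hosts text that shows why a key stored under the FQDN is not found when the lookup name is the short name, for both plain and hashed (`|1|salt|hash`) entries. The `example.org` FQDNs, the key blobs and the salt are constructed placeholders; `@cert-authority`/`@revoked` lines and `[host]:port` entries are not handled.

```python
import base64, hashlib, hmac, re

def hash_host(name: str, salt: bytes) -> str:
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()

def _glob(pattern: str, name: str) -> bool:
    """known_hosts patterns allow only '*' and '?' as wildcards."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, name) is not None

def field_matches(field: str, name: str) -> bool:
    """True if the first column of a known_hosts line covers `name` exactly as given."""
    name = name.lower()
    if field.startswith("|1|"):
        # Hashed entry: recompute the HMAC with the stored salt and compare.
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(hash_host(name, salt), field)
    matched = False
    for pat in field.lower().split(","):
        if pat.startswith("!"):
            if _glob(pat[1:], name):
                return False          # a negated pattern vetoes the whole line
        elif _glob(pat, name):
            matched = True
    return matched

def find_host_keys(known_hosts: str, name: str) -> list:
    """Return (keytype, key) for every line whose host field matches `name`."""
    hits = []
    for line in known_hosts.splitlines():
        parts = line.split()
        # Skip blanks, comments and @marker lines (markers are not handled here).
        if len(parts) < 3 or parts[0][0] in "#@":
            continue
        if field_matches(parts[0], name):
            hits.append((parts[1], parts[2]))
    return hits

# Constructed sample: key blobs are placeholders, example.org FQDNs are assumptions.
SAMPLE = "\n".join([
    "# entry stored under the FQDN and address only",
    "short-name.example.org,192.0.2.42 ssh-ed25519 AAAA-CONSTRUCTED-KEY-1",
    hash_host("db.example.org", b"constructed-salt-20b") + " ssh-rsa AAAA-CONSTRUCTED-KEY-2",
])

if __name__ == "__main__":
    for candidate in ("short-name", "short-name.example.org", "db", "db.example.org"):
        print(candidate, "->", find_host_keys(SAMPLE, candidate) or "no entry, ssh would prompt")
```

Because hashed entries can only be tested against a candidate name, a short name can never be matched to a hashed FQDN entry without first expanding it to the FQDN.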