openssh-portable
Add support for IDN 2008 encoded names
There are valid hostnames recognized by common software, such as browsers or the ping utility. They can accept names encoded in national characters. It should allow using ssh on extended Latin names such as münchen.de or háčkyčárky.cz. It should also allow other alphabets, like the domains reserved at https://www.iana.org/domains/reserved.
This change allows IDN names to be used directly from SSH.
$ ssh -v háčkyčárky.cz
OpenSSH_8.8p1, OpenSSL 3.0.9 30 May 2023
debug1: Reading configuration data /home/pemensik/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/10-dns.conf
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /home/pemensik/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/10-dns.conf
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
ssh: Could not resolve hostname h\303\241\304\215ky\304\215\303\241rky.cz: Name or service not known
# After the change:
$ ./ssh -v háčkyčárky.cz
OpenSSH_9.3p1, OpenSSL 3.0.9 30 May 2023
debug1: Reading configuration data /home/pemensik/.ssh/config
/home/pemensik/.ssh/config line 3: Unsupported option "gssapiauthentication"
/home/pemensik/.ssh/config line 6: Unsupported option "gssapiauthentication"
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to h\303\241\304\215ky\304\215\303\241rky.cz [2001:1488:0:3::5] port 22.
debug1: connect to address 2001:1488:0:3::5 port 22: Permission denied
debug1: Connecting to h\303\241\304\215ky\304\215\303\241rky.cz [217.31.205.51] port 22.
As can be seen in the debug1 output, SSH does not properly print UTF-8 encoded names, even though they are seen correctly in the debugger. I am not yet sure where that can be fixed.
Another issue would be the valid_domain() function in misc.c. It assumes valid hostnames contain only ASCII. That is no longer true for many nations.
Alternative printing could use the ASCII version of IDN names, as provided by the idn2 library. They are not very nice, but they are still valid names, unlike the strange escaped things printed now. Those are just garbage.
$ idn2 háčkyčárky.cz
xn--hkyrky-ptac70bc.cz
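
The ASCII-only check and the ASCII form of IDN names discussed above, as an added example that is not part of the pull request or of OpenSSH: each non-ASCII label is converted to its `xn--` form before an ASCII-only hostname check is applied, so the same string can be validated and logged. The function names are hypothetical, the label rule is a simplified stand-in for an ASCII-only validator, and Python's `punycode` codec performs only the RFC 3492 encoding, not the full IDNA 2008 rule set that the idn2 library applies.

```python
import re
import unicodedata

# Simplified ASCII-only label rule (letters, digits, '-', '_'), 1..63 chars,
# no leading or trailing hyphen. Assumption: a stand-in, not OpenSSH's code.
_ASCII_LABEL = re.compile(r"[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?\Z")


def is_ascii_hostname(name: str) -> bool:
    """True if every label is plain ASCII and the DNS length limits hold."""
    if name.endswith("."):
        name = name[:-1]          # a single trailing root dot is allowed
    if not name or len(name) > 253:
        return False
    return all(_ASCII_LABEL.match(label) for label in name.lower().split("."))


def to_ascii_hostname(name: str) -> str:
    """Return the ASCII (xn--) form of a hostname, or raise ValueError.

    Labels that are already ASCII pass through unchanged; labels with
    non-ASCII characters are NFC-normalised, lowercased and Punycode-encoded.
    """
    labels = []
    for label in unicodedata.normalize("NFC", name).lower().split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    ascii_name = ".".join(labels)
    # Validate only after conversion, so the check sees what DNS will see.
    if not is_ascii_hostname(ascii_name):
        raise ValueError(f"not a valid hostname: {ascii_name!r}")
    return ascii_name


if __name__ == "__main__":
    for host in ("háčkyčárky.cz", "münchen.de", "example.com"):
        print(f"{host!r:20} ascii-only={is_ascii_hostname(host)!s:5} "
              f"-> {to_ascii_hostname(host)}")
```

The converted name is printable as-is in debug output, which avoids the octal escapes shown in the log lines above.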