From 5217d341986ce3ee1787651436cc243b6cb6e526 Mon Sep 17 00:00:00 2001
From: Boris Wachtmeister <boris-code@gmx.com>
Date: Thu, 28 May 2015 21:57:25 +0200
Subject: [PATCH] bugfix: match complete host instead of contains on the
 hoststring

The SimpleEntry currently matches the hostname of the connection against
the complete hoststring of the entry. This way substrings also match, so
for example "10.0.0.1" matches on an entry for "10.0.0.10", resulting in
a host-key-changed message if the key differs which is usually does.
---
 .../schmizz/sshj/transport/verification/OpenSSHKnownHosts.java  | 2 +-
 .../sshj/transport/verification/OpenSSHKnownHostsTest.java      | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java b/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java
index 53d1d739..dcf68a49 100644
--- a/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java
+++ b/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java
@@ -352,7 +352,7 @@ public class OpenSSHKnownHosts
         @Override
         public boolean appliesTo(KeyType type, String host)
                 throws IOException {
-            return type == this.type && hostnames.contains(host);
+            return type == this.type && hosts.contains(host);
         }
     }
 
diff --git a/src/test/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHostsTest.java b/src/test/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHostsTest.java
index 89d6769c..019a5ccc 100644
--- a/src/test/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHostsTest.java
+++ b/src/test/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHostsTest.java
@@ -29,6 +29,7 @@ import java.security.PublicKey;
 
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.CoreMatchers.instanceOf;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertThat;
 import static org.junit.Assert.assertTrue;
 
@@ -78,6 +79,7 @@ public class OpenSSHKnownHostsTest {
 
         assertTrue(kh.verify("schmizz.net", 22, key));
         assertTrue(kh.verify("69.163.155.180", 22, key));
+        assertFalse(kh.verify("69.163.155.18", 22, key));
     }
 
     @Test