diff options
author | djm@openbsd.org <djm@openbsd.org> | 2015-07-20 00:30:01 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-07-20 10:32:25 +1000 |
commit | c63c9a691dca26bb7648827f5a13668832948929 (patch) | |
tree | 2982b4458f594eff9453806f71803f4db99393bc | |
parent | 63ebcd0005e9894fcd6871b7b80aeea1fec0ff76 (diff) |
upstream commit
mention that the default of UseDNS=no implies that
hostnames cannot be used for host matching in sshd_config and
authorized_keys; bz#2045, ok dtucker@
Upstream-ID: 0812705d5f2dfa59aab01f2764ee800b1741c4e1
-rw-r--r-- | sshd_config.5 | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index b49e9191..0614531c 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.206 2015/07/10 06:21:53 markus Exp $ -.Dd $Mdocdate: July 10 2015 $ +.\" $OpenBSD: sshd_config.5,v 1.207 2015/07/20 00:30:01 djm Exp $ +.Dd $Mdocdate: July 20 2015 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1493,11 +1493,20 @@ For more details on certificates, see the CERTIFICATES section in .It Cm UseDNS Specifies whether .Xr sshd 8 -should look up the remote host name and check that +should look up the remote host name, and to check that the resolved host name for the remote IP address maps back to the very same IP address. -The default is -.Dq no . +.Pp +If this option is set to +.Dq no +(the default) then only addresses and not host names may be used in +.Pa ~/.ssh/known_hosts +.Cm from +and +.Xr sshd_config 5 +.Cm Match +.Cm Host +directives. .It Cm UseLogin Specifies whether .Xr login 1 |