[Bug 1296] VerifyHostKeyDNS default domain

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue Aug 10 04:34:42 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1296

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #2 from Damien Miller <djm at mindrot.org>  ---
Unfortunately the resolver APIs don't give us any way to find out the
canonical domain that the resolver actually used to find the address.
There is a bit of discussion about this on openssh-unix-dev at mindrot.org
(see the thread "Question about host certificates").

The workaround that I implemented was an easy way to apply a default
domain name to unqualified host names in ssh_config:

Host *.*
  Hostname %h

Host *
  Hostname %h.my.domain

It is a bit of a hack, but unfortunately it is the best we can do
without changes to the resolver API.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list