[Bug 1296] VerifyHostKeyDNS default domain
bugzilla-daemon at mindrot.org
Thu Apr 17 18:42:46 EST 2014
https://bugzilla.mindrot.org/show_bug.cgi?id=1296
--- Comment #9 from Christoph Lechleitner <christoph.lechleitner at iteg.at> ---
Thanks for commenting so fast in a closed issue.
I can confirm the Canonical* options work for me, thanks!
A few details for whoever else may be led here by Google:
In Debian wheezy, the wheezy-backports repository needs to be enabled
to get 6.5.
I trust DNS and CNAMEs because I have full control over our nameservers
and I don't use other nameservers (except for DNS update penetration
tests).
Here are the Canonical options with default values (first mention of
each option) and example values based on my ssh_config:
#CanonicalDomains
CanonicalDomains internal.site.mydomain.foo mydomain.foo partners.mydomain.foo
#CanonicalizeFallbackLocal no
CanonicalizeFallbackLocal yes
#CanonicalizeHostname no
#CanonicalizeHostname yes
CanonicalizeHostname always
CanonicalizeMaxDots 1
CanonicalizePermittedCNAMEs *.mydomain.foo:*
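
The lookup order these options produce, as an added example that is not part of the original comment and not OpenSSH code: a simplified Python model of the client's canonicalization decision, showing which name ends up being used for host key lookup. FAKE_DNS, STRICT_CNAMES and the host names are constructed assumptions, and fnmatch stands in for ssh's pattern matching.

```python
from fnmatch import fnmatchcase

# Option values taken from the ssh_config example in the comment above.
CANONICAL_DOMAINS = ["internal.site.mydomain.foo", "mydomain.foo",
                     "partners.mydomain.foo"]
MAX_DOTS = 1                  # CanonicalizeMaxDots
FALLBACK_LOCAL = True         # CanonicalizeFallbackLocal yes
PERMITTED_CNAMES = [("*.mydomain.foo", "*")]             # source:target as posted
STRICT_CNAMES = [("*.mydomain.foo", "*.mydomain.foo")]   # tighter variant (assumption)

# Constructed stand-in for DNS: queried name -> canonical name the resolver reports.
FAKE_DNS = {
    "db1.internal.site.mydomain.foo": "db1.internal.site.mydomain.foo",
    "www.mydomain.foo": "lb7.hosting.example",   # CNAME that leaves the domain
    "git.mydomain.foo": "scm.mydomain.foo",      # CNAME that stays inside it
}

def cname_allowed(name, cname, rules):
    """A CNAME is followed only if some rule matches both source and target."""
    return any(fnmatchcase(name, src) and fnmatchcase(cname, dst)
               for src, dst in rules)

def canonicalize(host, rules=PERMITTED_CNAMES, dns=FAKE_DNS):
    """Return the name the client would use for known_hosts and Host matching."""
    host = host.lower()
    if host.endswith("."):            # trailing dot: already fully qualified
        return host[:-1]
    if host.count(".") > MAX_DOTS:    # too many dots: no suffix search
        return host
    for domain in CANONICAL_DOMAINS:  # suffixes are tried in the listed order
        candidate = f"{host}.{domain}"
        if candidate not in dns:
            continue
        cname = dns[candidate]
        if cname != candidate and cname_allowed(candidate, cname, rules):
            return cname              # CNAME target replaces the name
        return candidate              # CNAME not permitted: keep the queried name
    if FALLBACK_LOCAL:
        return host                   # leave it to the system resolver search path
    raise LookupError(f"could not canonicalize {host!r}")

if __name__ == "__main__":
    for h in ("db1", "www", "git", "a.b.c"):
        print(h, "->", canonicalize(h), "| strict:", canonicalize(h, STRICT_CNAMES))
```

With the posted `*.mydomain.foo:*` rule the name `www` is rewritten to whatever the CNAME points at, so that trust rests entirely on the nameservers; the strict variant keeps the name inside the listed domain.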