bugtraq re: remote client address restriction circumvention
Markus Friedl
markus at openbsd.org
Sat Jun 7 04:44:33 EST 2003
On Fri, Jun 06, 2003 at 01:10:34PM -0500, Wendy Palm wrote:
> does anyone have a comment to make about this?
> (cert picked it up and we're being asked for a vendor response)
>
> http://www.securityfocus.com/archive/1/324016/2003-06-03/2003-06-09/0
>
> do we have an "official" response yet?
official response:
If you depend on IP or DNS based access control,
make sure VerifyReverseMapping is turned on
in your sshd_config file.
Otherwise there's not reason to care about this.
In the current code/next release the VerifyReverseMapping option
is deprecated and replaced by UseDNS.
-m
More information about the openssh-unix-dev
mailing list