CVS is missing documentation for HostbasedUsesNameFromPacketOnly
Carson Gaspar
carson at taltos.org
Mon Sep 15 03:59:47 EST 2003
--On Saturday, September 13, 2003 5:33 PM +0200 Markus Friedl
<markus at openbsd.org> wrote:
> HostbasedUsesNameFromPacketOnly is experimental and
> not documented. i think it violates the spec.
Can you please elaborate? From my point of view, it is the _only_ sane way
to operate, as anything else looks at useless (from a security perspective)
IP and DNS data, as opposed to the cryptographically authenticated data
sent by the client.
It also makes HostbasedAuthentication survive NAT, which is nice.
--
Carson
More information about the openssh-unix-dev
mailing list