CVS is missing documentation for HostbasedUsesNameFromPacketOnly

Carson Gaspar carson at
Mon Sep 15 03:59:47 EST 2003

--On Saturday, September 13, 2003 5:33 PM +0200 Markus Friedl 
<markus at> wrote:

> HostbasedUsesNameFromPacketOnly is experimental and
> not documented. i think it violates the spec.

Can you please elaborate? From my point of view, it is the _only_ sane way 
to operate, as anything else looks at useless (from a security perspective) 
IP and DNS data, as opposed to the cryptographically authenticated data 
sent by the client.

It also makes HostbasedAuthentication survive NAT, which is nice.


More information about the openssh-unix-dev mailing list