CVS is missing documentation for HostbasedUsesNameFromPacketOnly

Carson Gaspar carson at taltos.org
Mon Sep 15 03:59:47 EST 2003


--On Saturday, September 13, 2003 5:33 PM +0200 Markus Friedl 
<markus at openbsd.org> wrote:

> HostbasedUsesNameFromPacketOnly is experimental and
> not documented. I think it violates the spec.

Can you please elaborate? From my point of view, it is the _only_ sane way 
to operate, as anything else looks at useless (from a security perspective) 
IP and DNS data, as opposed to the cryptographically authenticated data 
sent by the client.

It also makes HostbasedAuthentication survive NAT, which is nice.

-- 
Carson



