CVS is missing documentation for HostbasedUsesNameFromPacketOnly
Markus Friedl
markus at openbsd.org
Mon Sep 15 18:05:24 EST 2003
On Sun, Sep 14, 2003 at 01:59:47PM -0400, Carson Gaspar wrote:
> --On Saturday, September 13, 2003 5:33 PM +0200 Markus Friedl
> <markus at openbsd.org> wrote:
>
> >HostbasedUsesNameFromPacketOnly is experimental and
> >not documented. i think it violates the spec.
>
> Can you please elaborate? From my point of view, it is the _only_ sane way
> to operate, as anything else looks at useless (from a security perspective)
> IP and DNS data, as opposed to the cryptographically authenticated data
> sent by the client.
>
> It also makes HostbasedAuthentication survive NAT, which is nice.
than add dot in shosts and it works.
this won't/cannot be changed for 3.7
More information about the openssh-unix-dev
mailing list