sshd config parser

Jefferson Ogata Jefferson.Ogata at noaa.gov
Wed Apr 5 13:37:56 EST 2006


On 04/04/2006 05:55 PM, Darren Tucker wrote:
> Jefferson Ogata wrote:
>>1. Why the "Match" keyword. Why not just "Host foo.example.com" or "User
>>bozo"?
> 
> Without "Match", each condition would be a keyword in its own right.
> Matching on multiple conditions would either not be supported, or each
> keyword would need to explicitly check for other criteria.

Makes sense. Kewl.

>>2. How does "Host" with wildcards interact with DNS? E.g. will "Host
>>192.168.0.*" match 192.168.0.evil.domain?
> 
> It would, which is why...

Oh, my. Don't you think this is going to lead to unexpected results? I'm
a bit concerned that people won't realize that DNS is an issue...

Could sshd default not to use inverse DNS in Host matches unless another
config directive were enabled?

Thanks for the cogent response.

-- 
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
"Never try to retrieve anything from a bear."--National Park Service
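
The wildcard-versus-reverse-DNS issue raised above, as an added C example that is not part of the original message and is not sshd's code: a matcher that tries the pattern against the PTR name, beside one where name lookups are opt-in as the message suggests. Assumptions: the function names, the `use_rdns` flag, the constructed peer address 203.0.113.9, and the extra guard that never applies address-style patterns to names.

```c
#include <arpa/inet.h>
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if the pattern holds only digits, dots and
 * wildcards, i.e. it was written to select numeric IPv4 addresses. */
static int addr_only_pattern(const char *pat)
{
    return pat[0] != '\0' && strspn(pat, "0123456789.*?") == strlen(pat);
}

/* The behaviour discussed in the thread: the pattern is tried against the
 * reverse-DNS name and the address alike. */
int naive_host_match(const char *pat, const char *rdns, const char *addr)
{
    return (rdns != NULL && fnmatch(pat, rdns, 0) == 0) ||
           fnmatch(pat, addr, 0) == 0;
}

/* Hypothetical stricter matcher. rdns is the PTR name returned for the peer
 * (set by whoever controls the reverse zone); addr is the numeric address
 * taken from the socket. use_rdns models an opt-in directive: when 0,
 * names are never consulted. */
int host_match(const char *pat, const char *rdns, const char *addr, int use_rdns)
{
    struct in_addr tmp;

    /* The socket address does not depend on DNS; try it first. */
    if (inet_pton(AF_INET, addr, &tmp) == 1 && fnmatch(pat, addr, 0) == 0)
        return 1;
    /* Names are opt-in and never tested against address-style patterns. */
    if (!use_rdns || rdns == NULL || addr_only_pattern(pat))
        return 0;
    return fnmatch(pat, rdns, 0) == 0;
}

int main(void)
{
    /* Constructed sample: a peer outside 192.168.0.x whose PTR record is
     * the name used in the thread. */
    const char *pat = "192.168.0.*";
    const char *rdns = "192.168.0.evil.domain", *addr = "203.0.113.9";

    printf("naive match:          %d\n", naive_host_match(pat, rdns, addr));
    printf("rdns disabled:        %d\n", host_match(pat, rdns, addr, 0));
    printf("rdns enabled, guard:  %d\n", host_match(pat, rdns, addr, 1));
    return 0;
}
```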




More information about the openssh-unix-dev mailing list