[PATCH] Allow matching HostName against Host entries

Damien Miller djm at mindrot.org
Fri Apr 12 13:18:22 EST 2013


On Fri, 12 Apr 2013, Damien Miller wrote:

> Much of the pain will go away if we have some option to allow
> ssh to canonicalise its hostnames. I thought we could do it using the
> AI_FQDN[1] getaddrinfo hint but I've realised that this would expose
> users on DHCP networks to new attacks as a spoofed DHCP server can
> control the DNS search order.

[1] http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
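
The search-order dependence described in the message above, as an added example that is not part of the original post and is not OpenSSH code: a simulated resolver qualifies the same short name against two search lists, showing that the `Host` pattern a canonicalised name falls under follows whoever supplies the list. The zone table, the domain names and the helpers `resolves`, `canonicalise` and `in_domain` are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for DNS: the only names that "exist" here. */
static const char *const ZONE[] = { "db.corp.example", "db.lab.example" };

static int resolves(const char *fqdn) {
    for (size_t i = 0; i < sizeof ZONE / sizeof ZONE[0]; i++)
        if (strcmp(fqdn, ZONE[i]) == 0) return 1;
    return 0;
}

/* Resolver-style canonicalisation: qualify a short name with each search
 * domain in order and keep the first candidate that resolves.
 * Returns 1 and fills out on success, 0 (out emptied) otherwise. */
int canonicalise(const char *name, const char *const *search, size_t n,
                 char *out, size_t outlen) {
    int len;
    if (strchr(name, '.')) {                 /* already qualified */
        len = snprintf(out, outlen, "%s", name);
        return len > 0 && (size_t)len < outlen && resolves(out);
    }
    for (size_t i = 0; i < n; i++) {
        len = snprintf(out, outlen, "%s.%s", name, search[i]);
        if (len > 0 && (size_t)len < outlen && resolves(out)) return 1;
    }
    if (outlen) out[0] = '\0';
    return 0;
}

/* Would a "Host *.<domain>" block apply to this canonical name? */
int in_domain(const char *fqdn, const char *domain) {
    size_t fl = strlen(fqdn), dl = strlen(domain);
    return fl > dl + 1 && fqdn[fl - dl - 1] == '.' &&
           strcmp(fqdn + fl - dl, domain) == 0;
}

int main(void) {
    /* Constructed inputs: a search order as handed out by the network,
     * and one fixed in the user's own configuration. */
    const char *const from_network[] = { "lab.example", "corp.example" };
    const char *const from_config[] = { "corp.example" };
    char a[256], b[256];
    canonicalise("db", from_network, 2, a, sizeof a);
    canonicalise("db", from_config, 1, b, sizeof b);
    printf("network list: %s, *.corp.example applies: %d\n", a, in_domain(a, "corp.example"));
    printf("config list:  %s, *.corp.example applies: %d\n", b, in_domain(b, "corp.example"));
    return 0;
}
```

With the network-supplied list the short name `db` lands outside `*.corp.example`, so any per-host options keyed on that pattern would silently not apply; with the locally fixed list it lands inside.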


More information about the openssh-unix-dev mailing list