[PATCH] clarify doc of NoHostAuthenticationForLocalhost

calestyo at scientia.net calestyo at scientia.net
Sat Feb 21 14:03:21 AEDT 2015


From: Christoph Anton Mitterer <mail at christoph.anton.mitterer.name>

Clarify the documentation of the NoHostAuthenticationForLocalhost directive in
ssh_config(5):

• Document, that it works on any hostname that resolves to the loopback device.
• Demote the „use case” to being just one example of how it can be used.

Fixes bug #2293.

Signed-off-by: Christoph Anton Mitterer <mail at christoph.anton.mitterer.name>
---
 ssh_config.5 | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/ssh_config.5 b/ssh_config.5
index b702e32..f79a17d 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1041,15 +1041,19 @@ hmac-md5,hmac-sha1,hmac-ripemd160,
 hmac-sha1-96,hmac-md5-96
 .Ed
 .It Cm NoHostAuthenticationForLocalhost
-This option can be used if the home directory is shared across machines.
-In this case localhost will refer to a different machine on each of
-the machines and the user will get many warnings about changed host keys.
-However, this option disables host authentication for localhost.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-The default is to check the host key for localhost.
+If set to
+.Dq yes ,
+then no host authentication will be performed for any target
+.Ar hostname
+(for example localhost or ip6-localhost) that resolves to a
+loopback network interface (that is addresses 127.0.0.0/8 for IPv4
+respectively ::1/128 for IPv6). The default of
+.Dq no
+is to always check the host key of all SSH servers.
+.Pp
+This option can for example be used when the home directory is shared across
+machines. In this case the name localhost will refer to a different machine
+on each of the machines and the user will get many warnings about changed host keys.
 .It Cm NumberOfPasswordPrompts
 Specifies the number of password prompts before giving up.
 The argument to this keyword must be an integer.
-- 
2.1.4



More information about the openssh-unix-dev mailing list