[Bug 1608] New: Reverse DNS support for VerifyHostKeyDNS configuration option

bugzilla-daemon at bugzilla.mindrot.org
Fri Jun 12 22:47:20 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1608

           Summary: Reverse DNS support for VerifyHostKeyDNS configuration
                    option
           Product: Portable OpenSSH
           Version: -current
          Platform: All
               URL: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/dns.c?annotate=1.25
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: wnagele at ripe.net


When enabling the configuration option VerifyHostKeyDNS, the code is
skipping SSHFP lookups for reverse DNS. The area in the code can be
found between lines 194-197 in dns.c[1] (Version 1.25).

I would like to point out that it is perfectly plausible to have SSHFP
records in any reverse DNS zone and I would appreciate them being used
inside of the OpenSSH code. This would enable people to use this feature
when connecting directly via IP addresses.

[1]
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/dns.c?annotate=1.25

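An added example, not part of the bug report and not OpenSSH code: it shows what publishing SSHFP records in a reverse zone would look like, by deriving the in-addr.arpa / ip6.arpa owner name for an address and computing the SSHFP data from a host public key line. The function names, the documentation addresses and the sample key are constructed for illustration.

```python
import base64
import hashlib
import ipaddress

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
KEY_ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
                  "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
                  "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256.
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def reverse_owner_name(address):
    """Owner name of `address` in the reverse tree (in-addr.arpa / ip6.arpa)."""
    return ipaddress.ip_address(address).reverse_pointer + "."


def sshfp_records(address, pubkey_line):
    """Zone-file SSHFP lines for `address`, built from one line in the
    '<type> <base64 blob> [comment]' format of an ssh_host_*_key.pub file."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] not in KEY_ALGORITHMS:
        raise ValueError("unsupported or malformed public key line")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed key type; it must match field 0.
    name_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + name_len] != fields[0].encode():
        raise ValueError("key type does not match key blob")
    owner = reverse_owner_name(address)
    algorithm = KEY_ALGORITHMS[fields[0]]
    # The fingerprint is the digest of the raw public key blob.
    return [f"{owner} IN SSHFP {algorithm} {fp_type} {digest(blob).hexdigest()}"
            for fp_type, digest in sorted(FP_TYPES.items())]


def constructed_ed25519_line():
    """A constructed (not real) Ed25519 public key line for the demo."""
    key_type, raw_key = b"ssh-ed25519", bytes(range(32))
    blob = (len(key_type).to_bytes(4, "big") + key_type
            + len(raw_key).to_bytes(4, "big") + raw_key)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"


if __name__ == "__main__":
    # 192.0.2.10 and 2001:db8::1 are documentation addresses.
    for addr in ("192.0.2.10", "2001:db8::1"):
        print("\n".join(sshfp_records(addr, constructed_ed25519_line())))
```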