CVS is missing documentation for HostbasedUsesNameFromPacketOnly
carson at taltos.org
Mon Sep 15 03:59:47 EST 2003
--On Saturday, September 13, 2003 5:33 PM +0200 Markus Friedl
<markus at openbsd.org> wrote:
> HostbasedUsesNameFromPacketOnly is experimental and
> not documented. i think it violates the spec.
Can you please elaborate? From my point of view, it is the _only_ sane way
to operate, as anything else looks at useless (from a security perspective)
IP and DNS data, as opposed to the cryptographically authenticated data
sent by the client.
It also makes HostbasedAuthentication survive NAT, which is nice.
More information about the openssh-unix-dev