diff options
| author |   djm <djm@openbsd.org> | 2015-07-20 00:30:01 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2015-07-20 00:30:01 +0000 |
| commit | 7d80bc74bb3ade9cc2bdf18f9854b055855dd13f (patch) | |
| tree | 43422a097f8a3ce5e69f0ab4b54da464981da204 | |
| parent | Fix annoying console spew when we can't write the core file. use log instead. (diff) | |
| download | wireguard-openbsd-7d80bc74bb3ade9cc2bdf18f9854b055855dd13f.tar.xz wireguard-openbsd-7d80bc74bb3ade9cc2bdf18f9854b055855dd13f.zip | |
mention that the default of UseDNS=no implies that hostnames cannot
be used for host matching in sshd_config and authorized_keys;
bz#2045, ok dtucker@
| -rw-r--r-- | usr.bin/ssh/sshd_config.5 | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index 4975080c791..d805b5730fb 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.206 2015/07/10 06:21:53 markus Exp $ -.Dd $Mdocdate: July 10 2015 $ +.\" $OpenBSD: sshd_config.5,v 1.207 2015/07/20 00:30:01 djm Exp $ +.Dd $Mdocdate: July 20 2015 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1494,11 +1494,20 @@ For more details on certificates, see the CERTIFICATES section in .It Cm UseDNS Specifies whether .Xr sshd 8 -should look up the remote host name and check that +should look up the remote host name, and to check that the resolved host name for the remote IP address maps back to the very same IP address. -The default is -.Dq no . +.Pp +If this option is set to +.Dq no +(the default) then only addresses and not host names may be used in +.Pa ~/.ssh/known_hosts +.Cm from +and +.Xr sshd_config 5 +.Cm Match +.Cm Host +directives. .It Cm UseLogin Specifies whether .Xr login 1 |