diff options
| author | djm <djm> | 2003-06-03 00:25:48 +0000 |
|---|---|---|
| committer | djm <djm> | 2003-06-03 00:25:48 +0000 |
| commit | f1a485fc401de1c6e3f8e9e59caab578637654c1 (patch) | |
| tree | 42fa1fe2bf29623b7432822abbac4b10fa3cb6af /sshd_config.5 | |
| parent | fce65848545fb3b82e7bf6d461af60d8efc0f956 (diff) | |
| download | openssh-f1a485fc401de1c6e3f8e9e59caab578637654c1.tar.gz | |
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
Diffstat (limited to 'sshd_config.5')
| -rw-r--r-- | sshd_config.5 | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 86b3289a..0c6108e0 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.17 2003/05/20 12:09:32 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.18 2003/06/02 09:17:34 markus Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -585,6 +585,14 @@ Gives the facility code that is used when logging messages from The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH. +.It Cm UseDNS +Specifies whether +.Nm sshd +should lookup the remote host name and check that +the resolved host name for the remote IP address maps back to the +very same IP address. +The default is +.Dq yes . .It Cm UseLogin Specifies whether .Xr login 1 @@ -622,14 +630,6 @@ The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. The default is .Dq yes . -.It Cm VerifyReverseMapping -Specifies whether -.Nm sshd -should try to verify the remote host name and check that -the resolved host name for the remote IP address maps back to the -very same IP address. -The default is -.Dq no . .It Cm X11DisplayOffset Specifies the first display number available for .Nm sshd Ns 's |