author | Damien Miller <djm@cvs.openbsd.org> | 2021-01-08 04:49:14 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2021-01-08 04:49:14 +0000 |
commit | 6c8de5dfd65756456f0077b107df32a8e3bd0eae | |
tree | 6cfbd6332266482a0b7c8b5b59f5db4ab283d70b /usr.bin | |
parent | 2f5a32c6d22252a2752dbefc871adb6ec849dbe1 | |
make CheckHostIP default to 'no'. It doesn't provide any perceptible
value and makes it much harder for hosts to change host keys,
particularly ones that use IP-based load-balancing.
ok dtucker@
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/readconf.c | 4 |
-rw-r--r-- | usr.bin/ssh/ssh_config.5 | 8 |
2 files changed, 6 insertions, 6 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index 0ea6f1e4895..b8690842788 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.347 2020/12/22 03:05:31 tb Exp $ */ +/* $OpenBSD: readconf.c,v 1.348 2021/01/08 04:49:13 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -2283,7 +2283,7 @@ fill_default_options(Options * options) if (options->batch_mode == -1) options->batch_mode = 0; if (options->check_host_ip == -1) - options->check_host_ip = 1; + options->check_host_ip = 0; if (options->strict_host_key_checking == -1) options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK; if (options->compression == -1) diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index 1007847662c..8458fcf67e9 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.340 2020/12/22 07:40:26 jmc Exp $ -.Dd $Mdocdate: December 22 2020 $ +.\" $OpenBSD: ssh_config.5,v 1.341 2021/01/08 04:49:13 djm Exp $ +.Dd $Mdocdate: January 8 2021 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -421,7 +421,6 @@ or .It Cm CheckHostIP If set to .Cm yes -(the default), .Xr ssh 1 will additionally check the host IP address in the .Pa known_hosts @@ -432,7 +431,8 @@ and will add addresses of destination hosts to in the process, regardless of the setting of .Cm StrictHostKeyChecking . If the option is set to -.Cm no , +.Cm no +(the default), the check will not be executed. .It Cm Ciphers Specifies the ciphers allowed and their order of preference. |
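Review bot: In the fill_default_options() hunk of readconf.c, changing the fallback for check_host_ip from 1 to 0 alters behaviour for every client configuration that leaves CheckHostIP unset, and nothing outside the man page announces it. Per the ssh_config.5 text in this same patch, the yes setting both checks the host IP address in known_hosts and adds destination addresses in the process, so after this change neither happens unless `CheckHostIP yes` is set explicitly. Suggest flagging the new default in the release notes so sites that depend on the address check know to set the option themselves.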
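Review bot: In the first CheckHostIP hunk of ssh_config.5 (-421,7 +421,6), the deleted line `(the default),` also carried the comma that separated `.Cm yes` from the `.Xr ssh 1` clause, so the rendered sentence now reads "If set to yes ssh(1) will additionally check ..." with no punctuation between the two. Suggest changing the preceding line to `.Cm yes ,` which matches how the no case was written before this patch (`.Cm no ,`).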