From f4a38503b7c5fb2a10bd3df62bb1dafd14e9751e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 20 Jul 2015 00:30:02 +0000 Subject: mention that the default of UseDNS=no implies that hostnames cannot be used for host matching in sshd_config and authorized_keys; bz#2045, ok dtucker@ --- usr.bin/ssh/sshd_config.5 | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'usr.bin/ssh/sshd_config.5') diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index 4975080c791..d805b5730fb 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.206 2015/07/10 06:21:53 markus Exp $ -.Dd $Mdocdate: July 10 2015 $ +.\" $OpenBSD: sshd_config.5,v 1.207 2015/07/20 00:30:01 djm Exp $ +.Dd $Mdocdate: July 20 2015 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1494,11 +1494,20 @@ For more details on certificates, see the CERTIFICATES section in .It Cm UseDNS Specifies whether .Xr sshd 8 -should look up the remote host name and check that +should look up the remote host name, and to check that the resolved host name for the remote IP address maps back to the very same IP address. -The default is -.Dq no . +.Pp +If this option is set to +.Dq no +(the default) then only addresses and not host names may be used in +.Pa ~/.ssh/known_hosts +.Cm from +and +.Xr sshd_config 5 +.Cm Match +.Cm Host +directives. .It Cm UseLogin Specifies whether .Xr login 1 -- cgit v1.2.3
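Review bot: In the UseDNS hunk (@@ -1494,11 +1494,20 @@), the added paragraph attaches the `from` option to `.Pa ~/.ssh/known_hosts`, but the commit subject says the restriction applies to authorized_keys, and `from=` is an authorized_keys key option, not a known_hosts one. Suggest changing that line to `.Pa ~/.ssh/authorized_keys` so the page points administrators at the file whose host restrictions are actually affected. In the same hunk, the reworded sentence "should look up the remote host name, and to check that" no longer parses after "Specifies whether sshd(8)"; the removed wording "should look up the remote host name and check that" read correctly and could be kept. Since this is an access-control caveat, it would also help for the new paragraph to say what happens to an existing host name pattern in `from` or `Match Host` when UseDNS is `no`, so readers know whether such a rule is ignored or simply never matches.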