diff options
author | Damien Miller <djm@mindrot.org> | 2002-02-05 12:13:41 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2002-02-05 12:13:41 +1100 |
commit | c5d8635d6a9425289bd0cbfa83b90a4e42e6a72a (patch) | |
tree | 9a431368be8d4ee5e8742c44870b34a3dfd457f7 | |
parent | 43cba34b649a2df8c170e17a5655d060830a386e (diff) |
- markus@cvs.openbsd.org 2002/01/29 14:32:03
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | auth-options.c | 4 | ||||
-rw-r--r-- | auth-rh-rsa.c | 4 | ||||
-rw-r--r-- | auth-rhosts.c | 4 | ||||
-rw-r--r-- | auth.c | 4 | ||||
-rw-r--r-- | auth2.c | 4 | ||||
-rw-r--r-- | canohost.c | 20 | ||||
-rw-r--r-- | servconf.c | 17 | ||||
-rw-r--r-- | servconf.h | 4 | ||||
-rw-r--r-- | session.c | 6 | ||||
-rw-r--r-- | sshd.8 | 18 | ||||
-rw-r--r-- | sshd_config | 4 |
12 files changed, 51 insertions, 45 deletions
@@ -31,6 +31,11 @@ | |||
31 | - markus@cvs.openbsd.org 2002/01/29 14:27:57 | 31 | - markus@cvs.openbsd.org 2002/01/29 14:27:57 |
32 | [ssh-add.c] | 32 | [ssh-add.c] |
33 | exit 2 if no agent, exit 1 if list fails; debian#61078; ok djm@ | 33 | exit 2 if no agent, exit 1 if list fails; debian#61078; ok djm@ |
34 | - markus@cvs.openbsd.org 2002/01/29 14:32:03 | ||
35 | [auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c] | ||
36 | [servconf.c servconf.h session.c sshd.8 sshd_config] | ||
37 | s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; | ||
38 | ok stevesk@ | ||
34 | 39 | ||
35 | 20020130 | 40 | 20020130 |
36 | - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@ | 41 | - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@ |
@@ -7433,4 +7438,4 @@ | |||
7433 | - Wrote replacements for strlcpy and mkdtemp | 7438 | - Wrote replacements for strlcpy and mkdtemp |
7434 | - Released 1.0pre1 | 7439 | - Released 1.0pre1 |
7435 | 7440 | ||
7436 | $Id: ChangeLog,v 1.1807 2002/02/05 01:12:49 djm Exp $ | 7441 | $Id: ChangeLog,v 1.1808 2002/02/05 01:13:41 djm Exp $ |
diff --git a/auth-options.c b/auth-options.c index 9f90437ca..8df6a6dfc 100644 --- a/auth-options.c +++ b/auth-options.c | |||
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: auth-options.c,v 1.20 2001/08/30 20:36:34 stevesk Exp $"); | 13 | RCSID("$OpenBSD: auth-options.c,v 1.21 2002/01/29 14:32:03 markus Exp $"); |
14 | 14 | ||
15 | #include "packet.h" | 15 | #include "packet.h" |
16 | #include "xmalloc.h" | 16 | #include "xmalloc.h" |
@@ -170,7 +170,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
170 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 170 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
171 | const char *remote_ip = get_remote_ipaddr(); | 171 | const char *remote_ip = get_remote_ipaddr(); |
172 | const char *remote_host = get_canonical_hostname( | 172 | const char *remote_host = get_canonical_hostname( |
173 | options.reverse_mapping_check); | 173 | options.verify_reverse_mapping); |
174 | char *patterns = xmalloc(strlen(opts) + 1); | 174 | char *patterns = xmalloc(strlen(opts) + 1); |
175 | 175 | ||
176 | opts += strlen(cp); | 176 | opts += strlen(cp); |
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index e8d22a041..df917583b 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c | |||
@@ -13,7 +13,7 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: auth-rh-rsa.c,v 1.27 2001/12/27 19:54:53 markus Exp $"); | 16 | RCSID("$OpenBSD: auth-rh-rsa.c,v 1.28 2002/01/29 14:32:03 markus Exp $"); |
17 | 17 | ||
18 | #include "packet.h" | 18 | #include "packet.h" |
19 | #include "xmalloc.h" | 19 | #include "xmalloc.h" |
@@ -48,7 +48,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, Key *client_host_key | |||
48 | return 0; | 48 | return 0; |
49 | 49 | ||
50 | canonical_hostname = get_canonical_hostname( | 50 | canonical_hostname = get_canonical_hostname( |
51 | options.reverse_mapping_check); | 51 | options.verify_reverse_mapping); |
52 | 52 | ||
53 | debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname); | 53 | debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname); |
54 | 54 | ||
diff --git a/auth-rhosts.c b/auth-rhosts.c index cbceb6319..ebbf88f89 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c | |||
@@ -14,7 +14,7 @@ | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$OpenBSD: auth-rhosts.c,v 1.25 2001/12/19 07:18:56 deraadt Exp $"); | 17 | RCSID("$OpenBSD: auth-rhosts.c,v 1.26 2002/01/29 14:32:03 markus Exp $"); |
18 | 18 | ||
19 | #include "packet.h" | 19 | #include "packet.h" |
20 | #include "xmalloc.h" | 20 | #include "xmalloc.h" |
@@ -156,7 +156,7 @@ auth_rhosts(struct passwd *pw, const char *client_user) | |||
156 | const char *hostname, *ipaddr; | 156 | const char *hostname, *ipaddr; |
157 | int ret; | 157 | int ret; |
158 | 158 | ||
159 | hostname = get_canonical_hostname(options.reverse_mapping_check); | 159 | hostname = get_canonical_hostname(options.verify_reverse_mapping); |
160 | ipaddr = get_remote_ipaddr(); | 160 | ipaddr = get_remote_ipaddr(); |
161 | ret = auth_rhosts2(pw, client_user, hostname, ipaddr); | 161 | ret = auth_rhosts2(pw, client_user, hostname, ipaddr); |
162 | return ret; | 162 | return ret; |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth.c,v 1.31 2001/12/19 07:18:56 deraadt Exp $"); | 26 | RCSID("$OpenBSD: auth.c,v 1.32 2002/01/29 14:32:03 markus Exp $"); |
27 | 27 | ||
28 | #ifdef HAVE_LOGIN_H | 28 | #ifdef HAVE_LOGIN_H |
29 | #include <login.h> | 29 | #include <login.h> |
@@ -111,7 +111,7 @@ allowed_user(struct passwd * pw) | |||
111 | return 0; | 111 | return 0; |
112 | 112 | ||
113 | if (options.num_deny_users > 0 || options.num_allow_users > 0) { | 113 | if (options.num_deny_users > 0 || options.num_allow_users > 0) { |
114 | hostname = get_canonical_hostname(options.reverse_mapping_check); | 114 | hostname = get_canonical_hostname(options.verify_reverse_mapping); |
115 | ipaddr = get_remote_ipaddr(); | 115 | ipaddr = get_remote_ipaddr(); |
116 | } | 116 | } |
117 | 117 | ||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth2.c,v 1.82 2002/01/13 17:57:37 markus Exp $"); | 26 | RCSID("$OpenBSD: auth2.c,v 1.83 2002/01/29 14:32:03 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/evp.h> | 28 | #include <openssl/evp.h> |
29 | 29 | ||
@@ -743,7 +743,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, | |||
743 | HostStatus host_status; | 743 | HostStatus host_status; |
744 | int len; | 744 | int len; |
745 | 745 | ||
746 | resolvedname = get_canonical_hostname(options.reverse_mapping_check); | 746 | resolvedname = get_canonical_hostname(options.verify_reverse_mapping); |
747 | ipaddr = get_remote_ipaddr(); | 747 | ipaddr = get_remote_ipaddr(); |
748 | 748 | ||
749 | debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s", | 749 | debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s", |
diff --git a/canohost.c b/canohost.c index 4f2e576b2..5eb67f676 100644 --- a/canohost.c +++ b/canohost.c | |||
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: canohost.c,v 1.29 2001/12/19 07:18:56 deraadt Exp $"); | 15 | RCSID("$OpenBSD: canohost.c,v 1.30 2002/01/29 14:32:03 markus Exp $"); |
16 | 16 | ||
17 | #include "packet.h" | 17 | #include "packet.h" |
18 | #include "xmalloc.h" | 18 | #include "xmalloc.h" |
@@ -27,7 +27,7 @@ static void check_ip_options(int, char *); | |||
27 | */ | 27 | */ |
28 | 28 | ||
29 | static char * | 29 | static char * |
30 | get_remote_hostname(int socket, int reverse_mapping_check) | 30 | get_remote_hostname(int socket, int verify_reverse_mapping) |
31 | { | 31 | { |
32 | struct sockaddr_storage from; | 32 | struct sockaddr_storage from; |
33 | int i; | 33 | int i; |
@@ -90,7 +90,7 @@ get_remote_hostname(int socket, int reverse_mapping_check) | |||
90 | if (isupper(name[i])) | 90 | if (isupper(name[i])) |
91 | name[i] = tolower(name[i]); | 91 | name[i] = tolower(name[i]); |
92 | 92 | ||
93 | if (!reverse_mapping_check) | 93 | if (!verify_reverse_mapping) |
94 | return xstrdup(name); | 94 | return xstrdup(name); |
95 | /* | 95 | /* |
96 | * Map it back to an IP address and check that the given | 96 | * Map it back to an IP address and check that the given |
@@ -174,14 +174,14 @@ check_ip_options(int socket, char *ipaddr) | |||
174 | */ | 174 | */ |
175 | 175 | ||
176 | const char * | 176 | const char * |
177 | get_canonical_hostname(int reverse_mapping_check) | 177 | get_canonical_hostname(int verify_reverse_mapping) |
178 | { | 178 | { |
179 | static char *canonical_host_name = NULL; | 179 | static char *canonical_host_name = NULL; |
180 | static int reverse_mapping_checked = 0; | 180 | static int verify_reverse_mapping_done = 0; |
181 | 181 | ||
182 | /* Check if we have previously retrieved name with same option. */ | 182 | /* Check if we have previously retrieved name with same option. */ |
183 | if (canonical_host_name != NULL) { | 183 | if (canonical_host_name != NULL) { |
184 | if (reverse_mapping_checked != reverse_mapping_check) | 184 | if (verify_reverse_mapping_done != verify_reverse_mapping) |
185 | xfree(canonical_host_name); | 185 | xfree(canonical_host_name); |
186 | else | 186 | else |
187 | return canonical_host_name; | 187 | return canonical_host_name; |
@@ -190,11 +190,11 @@ get_canonical_hostname(int reverse_mapping_check) | |||
190 | /* Get the real hostname if socket; otherwise return UNKNOWN. */ | 190 | /* Get the real hostname if socket; otherwise return UNKNOWN. */ |
191 | if (packet_connection_is_on_socket()) | 191 | if (packet_connection_is_on_socket()) |
192 | canonical_host_name = get_remote_hostname( | 192 | canonical_host_name = get_remote_hostname( |
193 | packet_get_connection_in(), reverse_mapping_check); | 193 | packet_get_connection_in(), verify_reverse_mapping); |
194 | else | 194 | else |
195 | canonical_host_name = xstrdup("UNKNOWN"); | 195 | canonical_host_name = xstrdup("UNKNOWN"); |
196 | 196 | ||
197 | reverse_mapping_checked = reverse_mapping_check; | 197 | verify_reverse_mapping_done = verify_reverse_mapping; |
198 | return canonical_host_name; | 198 | return canonical_host_name; |
199 | } | 199 | } |
200 | 200 | ||
@@ -281,11 +281,11 @@ get_remote_ipaddr(void) | |||
281 | } | 281 | } |
282 | 282 | ||
283 | const char * | 283 | const char * |
284 | get_remote_name_or_ip(u_int utmp_len, int reverse_mapping_check) | 284 | get_remote_name_or_ip(u_int utmp_len, int verify_reverse_mapping) |
285 | { | 285 | { |
286 | static const char *remote = ""; | 286 | static const char *remote = ""; |
287 | if (utmp_len > 0) | 287 | if (utmp_len > 0) |
288 | remote = get_canonical_hostname(reverse_mapping_check); | 288 | remote = get_canonical_hostname(verify_reverse_mapping); |
289 | if (utmp_len == 0 || strlen(remote) > utmp_len) | 289 | if (utmp_len == 0 || strlen(remote) > utmp_len) |
290 | remote = get_remote_ipaddr(); | 290 | remote = get_remote_ipaddr(); |
291 | return remote; | 291 | return remote; |
diff --git a/servconf.c b/servconf.c index e33d65a5e..8273df54c 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: servconf.c,v 1.99 2002/01/27 14:57:46 stevesk Exp $"); | 13 | RCSID("$OpenBSD: servconf.c,v 1.100 2002/01/29 14:32:03 markus Exp $"); |
14 | 14 | ||
15 | #if defined(KRB4) || defined(KRB5) | 15 | #if defined(KRB4) || defined(KRB5) |
16 | #include <krb.h> | 16 | #include <krb.h> |
@@ -105,7 +105,7 @@ initialize_server_options(ServerOptions *options) | |||
105 | options->max_startups_rate = -1; | 105 | options->max_startups_rate = -1; |
106 | options->max_startups = -1; | 106 | options->max_startups = -1; |
107 | options->banner = NULL; | 107 | options->banner = NULL; |
108 | options->reverse_mapping_check = -1; | 108 | options->verify_reverse_mapping = -1; |
109 | options->client_alive_interval = -1; | 109 | options->client_alive_interval = -1; |
110 | options->client_alive_count_max = -1; | 110 | options->client_alive_count_max = -1; |
111 | options->authorized_keys_file = NULL; | 111 | options->authorized_keys_file = NULL; |
@@ -220,8 +220,8 @@ fill_default_server_options(ServerOptions *options) | |||
220 | options->max_startups_rate = 100; /* 100% */ | 220 | options->max_startups_rate = 100; /* 100% */ |
221 | if (options->max_startups_begin == -1) | 221 | if (options->max_startups_begin == -1) |
222 | options->max_startups_begin = options->max_startups; | 222 | options->max_startups_begin = options->max_startups; |
223 | if (options->reverse_mapping_check == -1) | 223 | if (options->verify_reverse_mapping == -1) |
224 | options->reverse_mapping_check = 0; | 224 | options->verify_reverse_mapping = 0; |
225 | if (options->client_alive_interval == -1) | 225 | if (options->client_alive_interval == -1) |
226 | options->client_alive_interval = 0; | 226 | options->client_alive_interval = 0; |
227 | if (options->client_alive_count_max == -1) | 227 | if (options->client_alive_count_max == -1) |
@@ -264,7 +264,7 @@ typedef enum { | |||
264 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 264 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
265 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, | 265 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
266 | sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, | 266 | sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, |
267 | sBanner, sReverseMappingCheck, sHostbasedAuthentication, | 267 | sBanner, sVerifyReverseMapping, sHostbasedAuthentication, |
268 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 268 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
269 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, | 269 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
270 | sDeprecated | 270 | sDeprecated |
@@ -336,7 +336,8 @@ static struct { | |||
336 | { "subsystem", sSubsystem }, | 336 | { "subsystem", sSubsystem }, |
337 | { "maxstartups", sMaxStartups }, | 337 | { "maxstartups", sMaxStartups }, |
338 | { "banner", sBanner }, | 338 | { "banner", sBanner }, |
339 | { "reversemappingcheck", sReverseMappingCheck }, | 339 | { "verifyreversemapping", sVerifyReverseMapping }, |
340 | { "reversemappingcheck", sVerifyReverseMapping }, | ||
340 | { "clientaliveinterval", sClientAliveInterval }, | 341 | { "clientaliveinterval", sClientAliveInterval }, |
341 | { "clientalivecountmax", sClientAliveCountMax }, | 342 | { "clientalivecountmax", sClientAliveCountMax }, |
342 | { "authorizedkeysfile", sAuthorizedKeysFile }, | 343 | { "authorizedkeysfile", sAuthorizedKeysFile }, |
@@ -687,8 +688,8 @@ parse_flag: | |||
687 | intptr = &options->gateway_ports; | 688 | intptr = &options->gateway_ports; |
688 | goto parse_flag; | 689 | goto parse_flag; |
689 | 690 | ||
690 | case sReverseMappingCheck: | 691 | case sVerifyReverseMapping: |
691 | intptr = &options->reverse_mapping_check; | 692 | intptr = &options->verify_reverse_mapping; |
692 | goto parse_flag; | 693 | goto parse_flag; |
693 | 694 | ||
694 | case sLogFacility: | 695 | case sLogFacility: |
diff --git a/servconf.h b/servconf.h index 463a16dad..911725583 100644 --- a/servconf.h +++ b/servconf.h | |||
@@ -11,7 +11,7 @@ | |||
11 | * called by a name other than "ssh" or "Secure Shell". | 11 | * called by a name other than "ssh" or "Secure Shell". |
12 | */ | 12 | */ |
13 | 13 | ||
14 | /* RCSID("$OpenBSD: servconf.h,v 1.52 2002/01/27 14:57:46 stevesk Exp $"); */ | 14 | /* RCSID("$OpenBSD: servconf.h,v 1.53 2002/01/29 14:32:03 markus Exp $"); */ |
15 | 15 | ||
16 | #ifndef SERVCONF_H | 16 | #ifndef SERVCONF_H |
17 | #define SERVCONF_H | 17 | #define SERVCONF_H |
@@ -116,7 +116,7 @@ typedef struct { | |||
116 | int max_startups_rate; | 116 | int max_startups_rate; |
117 | int max_startups; | 117 | int max_startups; |
118 | char *banner; /* SSH-2 banner message */ | 118 | char *banner; /* SSH-2 banner message */ |
119 | int reverse_mapping_check; /* cross-check ip and dns */ | 119 | int verify_reverse_mapping; /* cross-check ip and dns */ |
120 | int client_alive_interval; /* | 120 | int client_alive_interval; /* |
121 | * poke the client this often to | 121 | * poke the client this often to |
122 | * see if it's still there | 122 | * see if it's still there |
@@ -33,7 +33,7 @@ | |||
33 | */ | 33 | */ |
34 | 34 | ||
35 | #include "includes.h" | 35 | #include "includes.h" |
36 | RCSID("$OpenBSD: session.c,v 1.119 2002/01/27 14:57:46 stevesk Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.120 2002/01/29 14:32:03 markus Exp $"); |
37 | 37 | ||
38 | #include "ssh.h" | 38 | #include "ssh.h" |
39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
@@ -717,7 +717,7 @@ do_login(Session *s, const char *command) | |||
717 | 717 | ||
718 | /* Record that there was a login on that tty from the remote host. */ | 718 | /* Record that there was a login on that tty from the remote host. */ |
719 | record_login(pid, s->tty, pw->pw_name, pw->pw_uid, | 719 | record_login(pid, s->tty, pw->pw_name, pw->pw_uid, |
720 | get_remote_name_or_ip(utmp_len, options.reverse_mapping_check), | 720 | get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping), |
721 | (struct sockaddr *)&from); | 721 | (struct sockaddr *)&from); |
722 | 722 | ||
723 | #ifdef USE_PAM | 723 | #ifdef USE_PAM |
@@ -1287,7 +1287,7 @@ do_child(Session *s, const char *command) | |||
1287 | /* we have to stash the hostname before we close our socket. */ | 1287 | /* we have to stash the hostname before we close our socket. */ |
1288 | if (options.use_login) | 1288 | if (options.use_login) |
1289 | hostname = get_remote_name_or_ip(utmp_len, | 1289 | hostname = get_remote_name_or_ip(utmp_len, |
1290 | options.reverse_mapping_check); | 1290 | options.verify_reverse_mapping); |
1291 | /* | 1291 | /* |
1292 | * Close the connection descriptors; note that this is the child, and | 1292 | * Close the connection descriptors; note that this is the child, and |
1293 | * the server will still have the socket open, and it is important | 1293 | * the server will still have the socket open, and it is important |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.164 2002/01/27 14:57:46 stevesk Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.165 2002/01/29 14:32:03 markus Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -766,14 +766,6 @@ Specifies whether public key authentication is allowed. | |||
766 | The default is | 766 | The default is |
767 | .Dq yes . | 767 | .Dq yes . |
768 | Note that this option applies to protocol version 2 only. | 768 | Note that this option applies to protocol version 2 only. |
769 | .It Cm ReverseMappingCheck | ||
770 | Specifies whether | ||
771 | .Nm | ||
772 | should try to verify the remote host name and check that | ||
773 | the resolved host name for the remote IP address maps back to the | ||
774 | very same IP address. | ||
775 | The default is | ||
776 | .Dq no . | ||
777 | .It Cm RhostsAuthentication | 769 | .It Cm RhostsAuthentication |
778 | Specifies whether authentication using rhosts or /etc/hosts.equiv | 770 | Specifies whether authentication using rhosts or /etc/hosts.equiv |
779 | files is sufficient. | 771 | files is sufficient. |
@@ -841,6 +833,14 @@ will be disabled because | |||
841 | does not know how to handle | 833 | does not know how to handle |
842 | .Xr xauth 1 | 834 | .Xr xauth 1 |
843 | cookies. | 835 | cookies. |
836 | .It Cm VerifyReverseMapping | ||
837 | Specifies whether | ||
838 | .Nm | ||
839 | should try to verify the remote host name and check that | ||
840 | the resolved host name for the remote IP address maps back to the | ||
841 | very same IP address. | ||
842 | The default is | ||
843 | .Dq no . | ||
844 | .It Cm X11DisplayOffset | 844 | .It Cm X11DisplayOffset |
845 | Specifies the first display number available for | 845 | Specifies the first display number available for |
846 | .Nm sshd Ns 's | 846 | .Nm sshd Ns 's |
diff --git a/sshd_config b/sshd_config index d1e8c6b4d..ee2e6ac89 100644 --- a/sshd_config +++ b/sshd_config | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: sshd_config,v 1.45 2002/01/27 14:57:46 stevesk Exp $ | 1 | # $OpenBSD: sshd_config,v 1.46 2002/01/29 14:32:03 markus Exp $ |
2 | 2 | ||
3 | # This is the sshd server system-wide configuration file. See sshd(8) | 3 | # This is the sshd server system-wide configuration file. See sshd(8) |
4 | # for more information. | 4 | # for more information. |
@@ -86,7 +86,7 @@ | |||
86 | #MaxStartups 10 | 86 | #MaxStartups 10 |
87 | # no default banner path | 87 | # no default banner path |
88 | #Banner /some/path | 88 | #Banner /some/path |
89 | #ReverseMappingCheck no | 89 | #VerifyReverseMapping no |
90 | 90 | ||
91 | # override default of no subsystems | 91 | # override default of no subsystems |
92 | Subsystem sftp /usr/libexec/sftp-server | 92 | Subsystem sftp /usr/libexec/sftp-server |