upstream commit

mention that the default of UseDNS=no implies that hostnames cannot be used for host matching in sshd_config and authorized_keys; bz#2045, ok dtucker@ Upstream-ID: 0812705d5f2dfa59aab01f2764ee800b1741c4e1
author: djm@openbsd.org <djm@openbsd.org> 2015-07-20 00:30:01 +0000
committer: Damien Miller <djm@mindrot.org> 2015-07-20 10:32:25 +1000
commit: c63c9a691dca26bb7648827f5a13668832948929 (patch)
tree: 2982b4458f594eff9453806f71803f4db99393bc /sshd_config.5
parent: 63ebcd0005e9894fcd6871b7b80aeea1fec0ff76 (diff)
1 files changed, 14 insertions, 5 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index b49e91910..0614531c5 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.206 2015/07/10 06:21:53 markus Exp $
+.\" $OpenBSD: sshd_config.5,v 1.207 2015/07/20 00:30:01 djm Exp $
-.Dd $Mdocdate: July 10 2015 $
+.Dd $Mdocdate: July 20 2015 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1493,11 +1493,20 @@ For more details on certificates, see the CERTIFICATES section in
 .It Cm UseDNS
 Specifies whether
 .Xr sshd 8
-should look up the remote host name and check that
+should look up the remote host name, and to check that
 the resolved host name for the remote IP address maps back to the
 very same IP address.
-The default is
+.Pp
-.Dq no .
+If this option is set to
+.Dq no
+(the default) then only addresses and not host names may be used in
+.Pa ~/.ssh/known_hosts
+.Cm from
+and
+.Xr sshd_config 5
+.Cm Match
+.Cm Host
+directives.
 .It Cm UseLogin
 Specifies whether
 .Xr login 1
author	djm@openbsd.org <djm@openbsd.org>	2015-07-20 00:30:01 +0000
committer	Damien Miller <djm@mindrot.org>	2015-07-20 10:32:25 +1000
commit	c63c9a691dca26bb7648827f5a13668832948929 (patch)
tree	2982b4458f594eff9453806f71803f4db99393bc /sshd_config.5
parent	63ebcd0005e9894fcd6871b7b80aeea1fec0ff76 (diff)

diff --git a/sshd_config.5 b/sshd_config.5 index b49e91910..0614531c5 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd_config.5,v 1.206 2015/07/10 06:21:53 markus Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.207 2015/07/20 00:30:01 djm Exp $
37	.Dd $Mdocdate: July 10 2015 $	37	.Dd $Mdocdate: July 20 2015 $
38	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -1493,11 +1493,20 @@ For more details on certificates, see the CERTIFICATES section in
1493	.It Cm UseDNS	1493	.It Cm UseDNS
1494	Specifies whether	1494	Specifies whether
1495	.Xr sshd 8	1495	.Xr sshd 8
1496	should look up the remote host name and check that	1496	should look up the remote host name, and to check that
1497	the resolved host name for the remote IP address maps back to the	1497	the resolved host name for the remote IP address maps back to the
1498	very same IP address.	1498	very same IP address.
1499	The default is	1499	.Pp
1500	.Dq no .	1500	If this option is set to
		1501	.Dq no
		1502	(the default) then only addresses and not host names may be used in
		1503	.Pa ~/.ssh/known_hosts
		1504	.Cm from
		1505	and
		1506	.Xr sshd_config 5
		1507	.Cm Match
		1508	.Cm Host
		1509	directives.
1501	.It Cm UseLogin	1510	.It Cm UseLogin
1502	Specifies whether	1511	Specifies whether
1503	.Xr login 1	1512	.Xr login 1