[EMAIL PROTECTED] said this stuff:
> On Sun, Sep 07, 2003 at 02:55:10AM +0100, Bruce M Simpson wrote:
[...]
> > > >But what about:
> > > >   VerifyReverseMapping
> > > >     Specifies whether sshd should try to verify the remote host name
> > > >     and check that the resolved host name for the remote IP address
> > > >     maps back to the very same IP address.  The default is ``no''.
[...]
> > This sounds like a bug. Does anyone else agree?
>
> Yes and I really needed this functionality in a project for 12 Suns...
>
> But it didn't work as expected from the description.

It's a common misconception that this option means the server should not attempt a reverse lookup. It doesn't. If the VerifyReverseMapping option is enabled, then after the server does a reverse lookup, it will then ensure that the hostname maps back to the same IP address that is associated with the socket, useful mainly for banning networks with lackluster admins or attackers who try to feign domain ownership using only reverse DNS.

The initial part of the description is a bit misleading, but the fact that setting this option to 'no' does not disable reverse lookups is not a bug.

ari
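
The check described in the reply above, as an added sketch (not part of the original message and not sshd's own code): the reverse lookup runs either way, and the option only decides whether the returned name must map back to the socket's address. The DNS tables, the function names and the fall-back to the numeric address are assumptions made for illustration.

```python
import ipaddress

# Constructed DNS data using documentation address ranges, not real records.
PTR = {
    "192.0.2.10": "mail.example.org",       # honest host
    "198.51.100.7": "trusted.example.org",  # PTR set by whoever runs 198.51.100.0/24
}
FORWARD = {
    "mail.example.org": ["192.0.2.10"],
    "trusted.example.org": ["192.0.2.99"],  # the domain owner's zone points elsewhere
}


def reverse_lookup(ip, ptr=PTR):
    """Return the PTR name for ip, or None when no record exists."""
    return ptr.get(ip)


def forward_lookup(name, fwd=FORWARD):
    """Return the addresses the name resolves to (empty list if none)."""
    return fwd.get(name.lower().rstrip("."), [])


def resolve_peer(ip, verify_reverse_mapping):
    """Return the identity to use for the peer in logs and host-based rules.

    The reverse lookup is performed regardless of the option. The option
    only controls whether the name is accepted without forward confirmation.
    """
    peer = ipaddress.ip_address(ip)
    name = reverse_lookup(ip)
    if name is None:
        return ip                      # no PTR record: only the address is known
    if not verify_reverse_mapping:
        return name                    # name taken from reverse DNS alone
    for addr in forward_lookup(name):
        if ipaddress.ip_address(addr) == peer:
            return name                # forward-confirmed reverse DNS
    return ip                          # name does not map back: do not trust it


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        for verify in (False, True):
            print(ip, "verify=%s" % verify, "->", resolve_peer(ip, verify))
```

With verification off, a host-based rule matching `*.example.org` would accept 198.51.100.7 on the strength of a PTR record its network operator controls; with it on, the peer is identified by address only.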