Change the default value of VerifyHostKeyDNS to "yes" if compiled with

LDNS. With that setting, OpenSSH will silently accept host keys that match verified SSHFP records. If an SSHFP record exists but could not be verified, OpenSSH will print a message and prompt the user as usual. Approved by: re (blanket)
author: des <des@FreeBSD.org> 2013-09-10 22:30:22 +0000
committer: des <des@FreeBSD.org> 2013-09-10 22:30:22 +0000
commit: c960286445eb68fac5bb495df021d0dcf22ec4de (patch)
tree: f38c99ce2b414f0d4c266e8e44a6ef9114b9c80a /crypto/openssh/ssh_config.5
parent: 2a9ec0fc3edd2edc5766e11fa312e8ab8a128d5f (diff)
download: FreeBSD-src-c960286445eb68fac5bb495df021d0dcf22ec4de.zip
FreeBSD-src-c960286445eb68fac5bb495df021d0dcf22ec4de.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5
index 4cbaee9..4521f40 100644
--- a/crypto/openssh/ssh_config.5
+++ b/crypto/openssh/ssh_config.5
@@ -1219,7 +1219,10 @@ The argument must be
 or
 .Dq ask .
 The default is
-.Dq no .
+.Dq yes
+if compiled with LDNS and
+.Dq no
+otherwise.
 Note that this option applies to protocol version 2 only.
 .Pp
 See also
author	des <des@FreeBSD.org>	2013-09-10 22:30:22 +0000
committer	des <des@FreeBSD.org>	2013-09-10 22:30:22 +0000
commit	c960286445eb68fac5bb495df021d0dcf22ec4de (patch)
tree	f38c99ce2b414f0d4c266e8e44a6ef9114b9c80a /crypto/openssh/ssh_config.5
parent	2a9ec0fc3edd2edc5766e11fa312e8ab8a128d5f (diff)
download	FreeBSD-src-c960286445eb68fac5bb495df021d0dcf22ec4de.zip FreeBSD-src-c960286445eb68fac5bb495df021d0dcf22ec4de.tar.gz