diff options
author | des <des@FreeBSD.org> | 2013-09-10 22:30:22 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2013-09-10 22:30:22 +0000 |
commit | c960286445eb68fac5bb495df021d0dcf22ec4de (patch) | |
tree | f38c99ce2b414f0d4c266e8e44a6ef9114b9c80a /crypto/openssh/ssh_config | |
parent | 2a9ec0fc3edd2edc5766e11fa312e8ab8a128d5f (diff) | |
download | FreeBSD-src-c960286445eb68fac5bb495df021d0dcf22ec4de.zip FreeBSD-src-c960286445eb68fac5bb495df021d0dcf22ec4de.tar.gz |
Change the default value of VerifyHostKeyDNS to "yes" if compiled with
LDNS. With that setting, OpenSSH will silently accept host keys that
match verified SSHFP records. If an SSHFP record exists but could not
be verified, OpenSSH will print a message and prompt the user as usual.
Approved by: re (blanket)
Diffstat (limited to 'crypto/openssh/ssh_config')
-rw-r--r-- | crypto/openssh/ssh_config | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config index 2917477..67b5d9f 100644 --- a/crypto/openssh/ssh_config +++ b/crypto/openssh/ssh_config @@ -46,4 +46,5 @@ # PermitLocalCommand no # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com +# VerifyHostKeyDNS yes # VersionAddendum FreeBSD-20130515 |