-rw-r--r-- | crypto/openssh/readconf.c | 6 | ||||
-rw-r--r-- | crypto/openssh/ssh_config | 1 | ||||
-rw-r--r-- | crypto/openssh/ssh_config.5 | 5 |
3 files changed, 11 insertions, 1 deletions
diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c
index 2543d68..c99ea66 100644
--- a/crypto/openssh/readconf.c
+++ b/crypto/openssh/readconf.c
@@ -1435,8 +1435,14 @@ fill_default_options(Options * options)
 options->enable_ssh_keysign = 0;
 if (options->rekey_limit == -1)
 options->rekey_limit = 0;
+#if HAVE_LDNS
+ if (options->verify_host_key_dns == -1)
+ /* automatically trust a verified SSHFP record */
+ options->verify_host_key_dns = 1;
+#else
 if (options->verify_host_key_dns == -1)
 options->verify_host_key_dns = 0;
+#endif
 if (options->server_alive_interval == -1)
 options->server_alive_interval = 0;
 if (options->server_alive_count_max == -1)
diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config
index 2917477..67b5d9f 100644
--- a/crypto/openssh/ssh_config
+++ b/crypto/openssh/ssh_config
@@ -46,4 +46,5 @@
 # PermitLocalCommand no
 # VisualHostKey no
 # ProxyCommand ssh -q -W %h:%p gateway.example.com
+# VerifyHostKeyDNS yes
 # VersionAddendum FreeBSD-20130515
diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5
index 4cbaee9..4521f40 100644
--- a/crypto/openssh/ssh_config.5
+++ b/crypto/openssh/ssh_config.5
@@ -1219,7 +1219,10 @@ The argument must be
 or
 .Dq ask .
 The default is
-.Dq no .
+.Dq yes
+if compiled with LDNS and
+.Dq no
+otherwise.
 Note that this option applies to protocol version 2 only.
 .Pp
 See also |
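Review bot: In the readconf.c hunk, the new `#if HAVE_LDNS` branch of fill_default_options() changes a trust default, but its one-line comment does not say what an unset option now means for host authentication. With `verify_host_key_dns = 1` as the default, a host key that matches a secure SSHFP record is accepted without the user confirming the fingerprint, so the decision rests on the DNS validation path rather than on known_hosts. I would expand the comment to `/* LDNS build: default to "yes", i.e. accept a host key matching a DNSSEC-validated SSHFP record without prompting; set VerifyHostKeyDNS to "ask" or "no" to keep the confirmation step */`. How a record comes to be marked as validated is not visible in this hunk and should be confirmed against the lookup code. Separately, the sample ssh_config line `# VerifyHostKeyDNS yes` shows the LDNS default unconditionally, while ssh_config.5 says it is "no" without LDNS. The function body starts and ends outside the hunk.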