-rw-r--r--crypto/openssh/readconf.c6
-rw-r--r--crypto/openssh/ssh_config1
-rw-r--r--crypto/openssh/ssh_config.55
3 files changed, 11 insertions, 1 deletions
diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c
index 2543d68..c99ea66 100644
--- a/crypto/openssh/readconf.c
+++ b/crypto/openssh/readconf.c
@@ -1435,8 +1435,14 @@ fill_default_options(Options * options)
options->enable_ssh_keysign = 0;
if (options->rekey_limit == -1)
options->rekey_limit = 0;
+#if HAVE_LDNS
+ if (options->verify_host_key_dns == -1)
+ /* automatically trust a verified SSHFP record */
+ options->verify_host_key_dns = 1;
+#else
if (options->verify_host_key_dns == -1)
options->verify_host_key_dns = 0;
+#endif
if (options->server_alive_interval == -1)
options->server_alive_interval = 0;
if (options->server_alive_count_max == -1)
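Review bot: The comment on the new `#if HAVE_LDNS` branch says "verified" without naming what does the verifying, yet this branch changes the host-key trust default at compile time. By the documented meaning of `yes`, a key that matches a secure (DNSSEC-validated) SSHFP fingerprint is accepted without asking the user. I would spell that out, e.g. `/* LDNS can validate DNSSEC: default to "yes", i.e. accept a host key matching a secure SSHFP record without prompting */`, so the dependency on resolver validation and trust-anchor setup is visible to the next reader. Whether the LDNS resolver path actually enforces validation is not visible in this hunk and is worth confirming before relying on the default. fill_default_options starts and ends outside the hunk.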
diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config
index 2917477..67b5d9f 100644
--- a/crypto/openssh/ssh_config
+++ b/crypto/openssh/ssh_config
@@ -46,4 +46,5 @@
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
+# VerifyHostKeyDNS yes
# VersionAddendum FreeBSD-20130515
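Review bot: The sample line `# VerifyHostKeyDNS yes` is stated unconditionally, but the readconf.c change in this commit makes `yes` the default only in builds with LDNS; otherwise it stays `no`. Someone auditing a non-LDNS build from this file would read the wrong host-key trust default. An adjacent comment line such as `#   (VerifyHostKeyDNS defaults to no when built without LDNS)` would keep the sample accurate for both builds.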
diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5
index 4cbaee9..4521f40 100644
--- a/crypto/openssh/ssh_config.5
+++ b/crypto/openssh/ssh_config.5
@@ -1219,7 +1219,10 @@ The argument must be
or
.Dq ask .
The default is
-.Dq no .
+.Dq yes
+if compiled with LDNS and
+.Dq no
+otherwise.
Note that this option applies to protocol version 2 only.
.Pp
See also