On Fri, Oct 31, 2008 at 12:09:11PM -0400, Kyle McDonald wrote:
> One thing that wasn't clear in the manpages, is if SSH's processing of
> hostnames in ~/.{r,s}hosts and /etc/{s,}hosts.equiv files is case
> sensitive or not. RSH was, but DNS is not, although reverse DNS is
> case-preserving.
> I haven't done enough testing now that I have it working to have figured
> it out, but some mention of it in the manpages would have helped.

See HostbasedUsesNameFromPacketOnly and VerifyReverseMapping in
sshd_config(4):

     HostbasedUsesNameFromPacketOnly

         Controls which hostname is searched for in the files
         ~/.shosts, /etc/shosts.equiv, and /etc/hosts.equiv. If
         this parameter is set to yes, the server uses the name
         the client claimed for itself and signed with that
         host's key. If set to no, the default, the server uses
         the name to which the client's IP address resolves.

         Setting this parameter to no disables host-based
         authentication when using NAT or when the client gets
         to the server indirectly through a port-forwarding
         firewall.

and

     VerifyReverseMapping

         Specifies whether sshd should try to verify the remote
         host name and check that the resolved host name for the
         remote IP address maps back to the very same IP address.
         (A yes setting means "verify".) Setting this parameter
         to no can be useful where DNS servers might be down and
         thus cause sshd to spend much time trying to resolve the
         client's IP address to a name. This feature is useful
         for Internet-facing servers. The default is no.

Nico
--
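
Added example, not part of the original message and not sshd's own code: a small model of how the two options quoted above decide which name is searched for in the shosts/hosts.equiv files. The DNS tables, the function names, and returning None when the reverse mapping does not verify are assumptions made for illustration.

```python
import ipaddress

# Constructed sample DNS data (documentation addresses, not real hosts),
# standing in for PTR and A lookups so the example runs offline.
PTR = {
    "192.0.2.10": "client1.example.com",
    "192.0.2.66": "client1.example.com",  # PTR claims the same name
}
FORWARD = {
    "client1.example.com": ["192.0.2.10"],  # the name maps only to .10
}

def reverse_lookup(ip):
    """Hypothetical resolver hook: IP address -> PTR name, or None."""
    return PTR.get(ip)

def forward_lookup(name):
    """Hypothetical resolver hook: name -> list of addresses."""
    return FORWARD.get(name, [])

def verified_reverse_name(ip):
    """VerifyReverseMapping yes: accept the PTR name only if that name
    resolves back to the very same IP address."""
    name = reverse_lookup(ip)
    if name is None:
        return None
    addr = ipaddress.ip_address(ip)
    for candidate in forward_lookup(name):
        if ipaddress.ip_address(candidate) == addr:
            return name
    return None  # assumption: no usable name in this model

def lookup_name(claimed, ip, uses_name_from_packet_only, verify_reverse_mapping):
    """Name to search for in ~/.shosts, /etc/shosts.equiv, /etc/hosts.equiv."""
    if uses_name_from_packet_only:
        return claimed  # the name the client claimed and signed
    if verify_reverse_mapping:
        return verified_reverse_name(ip)
    return reverse_lookup(ip)  # name the client's IP address resolves to

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66"):
        for verify in (False, True):
            print(ip, "verify" if verify else "no-verify",
                  lookup_name("client1.example.com", ip, False, verify))
```

With both options left at their default of no, the name checked against the trust files is whatever the PTR record for the connecting address says, which is why the manpage calls VerifyReverseMapping useful for Internet-facing servers.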