On Fri, Oct 31, 2008 at 12:41:46PM -0400, Kyle McDonald wrote: > I saw those. Niether of them descirbe the case-(in)sensitivity of the > hostname matching operations that sshd performs though.
Ah. From code inspection it looks like it's case insensitive. > The second one seems like a good idea for added security when using > hostbased authentication, but It's not clear how it would affect the > hostname comparision? Setting VerifyReverseMapping to yes creates an attack vector (if you can successfully attack the DNS PTR record lookup, then you can pretend to be a trusted client).
