On Fri, Oct 31, 2008 at 12:47:19PM -0400, Kyle McDonald wrote: > Yep. I think I'll add the VerifyReverseMapping, as I run the DNS.
If you don't fear DNS attacks, sure. > Is HostbasedUsesNameFromPacketOnly a security enhancement? or just an > option to work around broken reverse lookups? It's a security feature. Note that if HostbasedUsesNameFromPacketOnly then you're likely going to be using short-form names in your known-hosts and .shots and shosts.equiv files. (I think. It's been a while since I've played with host-based userauth.)
