On Fri, 31 Oct 2008, Henry B. Hotz wrote:
>> VerifyReverseMapping
>>
>> Specifies whether sshd should try to verify the remote
>> host name and check that the resolved host name for the
>> remote IP address maps back to the very same IP address.
>> (A yes setting means "verify".) Setting this parameter
>> to no can be useful where DNS servers might be down and
>> thus cause sshd to spend much time trying to resolve the
>> client's IP address to a name. This feature is useful
>> for Internet-facing servers. The default is no.
>
>I like the option. It should default "no" as it does. I think there
>ought to be more warning of the risks associated with "yes".
Henry, note that there might be problems when using the option:
6593370 VerifyReverseMapping in SunSSH doesn't work
--
Jan Pechanec
