On Fri, 20 Feb 2015, Daniel Kahn Gillmor wrote:
> I reported that discussion to the OpenSSH development mailing list. The
> next version of OpenSSH (v6.8) is now set to be released with the
> following change:
>
>  * sshd(8): UseDNS now defaults to 'no'. Configurations that match
>    against the client host name (via sshd_config or authorized_keys)
>    may need to re-enable it or convert to matching against addresses.
>
> http://marc.info/?l=openssh-unix-dev&m=142438449111563&w=2
>
> If there are other instances of popular software that does unreasonable
> or unsafe things with the DNS by default, please reach out to the

I have an issue with openssh :)
For 5+ years I've been trying to get them to use "VerifyHostKeyDNS ask"
in /etc/ssh/ssh_config :P
Sadly the fedora/rhel maintainer isn't willing to change it from the
default upstream.
Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
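
Added example, not part of the original thread and not OpenSSH code: a small audit that lists the host-name patterns in sshd_config "Match Host" lines and authorized_keys from="..." options, which the quoted release note says stop matching once UseDNS defaults to 'no'. The function names, the address heuristic, and the sample configuration are assumptions constructed for illustration.

```python
import re

def is_address_pattern(pat):
    """Heuristic (assumption): True if pat can only match IP addresses."""
    pat = pat.lstrip("!")                      # negated patterns start with '!'
    if ":" in pat:                             # IPv6 literal or CIDR
        return True
    return bool(pat) and all(c in "0123456789.*?/" for c in pat)

def audit(sshd_config, authorized_keys):
    """Return (explicit UseDNS value or None, [(source, line_no, pattern)])."""
    usedns, findings = None, []
    for n, line in enumerate(sshd_config.splitlines(), 1):
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "usedns" and len(words) > 1 and usedns is None:
            usedns = words[1].lower()          # sshd uses the first value it sees
        elif key == "match":
            args = words[1:]                   # criterion/value pairs
            for crit, value in zip(args[::2], args[1::2]):
                if crit.lower() == "host":     # "Match Address" is unaffected
                    findings += [("sshd_config", n, p) for p in value.split(",")
                                 if not is_address_pattern(p)]
    for n, line in enumerate(authorized_keys.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = re.search(r'(?:^|,)\s*from="([^"]*)"', line, re.I)
        if m:
            findings += [("authorized_keys", n, p) for p in m.group(1).split(",")
                         if not is_address_pattern(p)]
    return usedns, findings

# Constructed sample input, not taken from any real host.
SAMPLE_SSHD = """# constructed sample
Match Host *.corp.example.com,10.0.*
    X11Forwarding yes
Match Address 192.0.2.0/24
    PasswordAuthentication no
"""
SAMPLE_KEYS = ('from="bastion.example.net,198.51.100.7,!2001:db8::/32" '
               'ssh-ed25519 AAAAconstructed user@example\n')

if __name__ == "__main__":
    usedns, findings = audit(SAMPLE_SSHD, SAMPLE_KEYS)
    print("UseDNS explicitly set to:", usedns)
    for source, line_no, pattern in findings:
        print(f"{source}:{line_no}: host-name pattern {pattern!r} needs UseDNS yes")
```

An empty findings list with UseDNS unset means the new default changes nothing for that host; any finding has to be converted to an address pattern or UseDNS has to be set to 'yes' explicitly.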