[Bug 1782] New: Match support for HostbasedUsesNameFromPacketOnly

bugzilla-daemon Tue, 15 Jun 2010 10:28:05 -0700

https://bugzilla.mindrot.org/show_bug.cgi?id=1782


           Summary: Match support for HostbasedUsesNameFromPacketOnly
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-b...@mindrot.org
        ReportedBy: imor...@nas.nasa.gov


Created attachment 1860
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1860
Enable Match support for HostbasedUsesNameFromPacketOnly

Currently HostbasedUsesNameFromPacketOnly can only be set as a global
sshd_config option. This means that if hostbased authentication is
enabled and some of the client hosts are behind a NAT, then all
hostbased authentication attempts must only use the hostname from the
authentication packet.

A more surgical approach would be to allow this option to be enabled
on a per-IP bases. Thus the resolved name could be used for clients
that are not behind a NAT and those behind a NAT could use the name
supplied in the packet.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 1782] New: Match support for HostbasedUsesNameFromPacketOnly

Reply via email to