D28692.diff
Index: readconf.c
===================================================================
--- readconf.c
+++ readconf.c
@@ -2175,7 +2175,7 @@
if (options->batch_mode == -1)
options->batch_mode = 0;
if (options->check_host_ip == -1)
- options->check_host_ip = 1;
+ options->check_host_ip = 0;
if (options->strict_host_key_checking == -1)
options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK;
if (options->compression == -1)
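Review bot: The new `options->check_host_ip = 0` default is unconditional, while the `verify_host_key_dns = 1` default in the next hunk is only compiled under `HAVE_LDNS`, so a build without LDNS ends up with both checks off by default. If the DNS check is meant to stand in for the IP check, put this default under the same `HAVE_LDNS` condition (keeping 1 otherwise), and add a short comment marking the value as a FreeBSD-local divergence so it survives future merges.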
@@ -2239,8 +2239,14 @@
options->rekey_limit = 0;
if (options->rekey_interval == -1)
options->rekey_interval = 0;
+#if HAVE_LDNS
+ if (options->verify_host_key_dns == -1)
+ /* automatically trust a verified SSHFP record */
+ options->verify_host_key_dns = 1;
+#else
if (options->verify_host_key_dns == -1)
options->verify_host_key_dns = 0;
+#endif
if (options->server_alive_interval == -1)
options->server_alive_interval = 0;
if (options->server_alive_count_max == -1)
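Review bot: The `if (options->verify_host_key_dns == -1)` test is duplicated in both preprocessor branches, and the comment sits between the unbraced `if` and its statement. Keep a single `if` and wrap only the assignment in the conditional, with the comment above the `if`. Also prefer `#ifdef HAVE_LDNS` (or `#if defined(HAVE_LDNS)`) over `#if HAVE_LDNS`, which relies on an undefined macro evaluating to 0.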
Index: ssh_config
===================================================================
--- ssh_config
+++ ssh_config
@@ -25,7 +25,7 @@
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# BatchMode no
-# CheckHostIP yes
+# CheckHostIP no
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
@@ -44,4 +44,5 @@
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
+# VerifyHostKeyDNS yes
# VersionAddendum FreeBSD-20200214
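Review bot: The added `# VerifyHostKeyDNS yes` line presents yes as the default for every build, but readconf.c in this same diff only sets that default under `HAVE_LDNS` and keeps 0 otherwise. Either annotate the sample line to say it applies to LDNS builds only, or generate the sample per build so the commented value matches the compiled default.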
Index: ssh_config.5
===================================================================
--- ssh_config.5
+++ ssh_config.5
@@ -420,8 +420,7 @@
.Cm no .
.It Cm CheckHostIP
If set to
-.Cm yes
-(the default),
+.Cm yes ,
.Xr ssh 1
will additionally check the host IP address in the
.Pa known_hosts
@@ -434,6 +433,8 @@
If the option is set to
.Cm no ,
the check will not be executed.
+The default is
+.Cm no .
.It Cm Ciphers
Specifies the ciphers allowed and their order of preference.
Multiple ciphers must be comma-separated.
@@ -1772,7 +1773,10 @@
.Cm StrictHostKeyChecking
option.
The default is
-.Cm no .
+.Cm yes
+if compiled with LDNS and
+.Cm no
+otherwise.
.Pp
See also
.Sx VERIFYING HOST KEYS
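Review bot: "if compiled with LDNS" in the new default text gives the reader no way to tell which default the installed binary uses. Consider adding a pointer such as checking the effective value with `ssh -G`, and state next to the default what yes means here, since the readconf.c comment in this diff describes it as automatically trusting a verified SSHFP record.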
Index: sshd_config
===================================================================
--- sshd_config
+++ sshd_config
@@ -10,6 +10,9 @@
# possible, but leave them commented. Uncommented options override the
# default value.
+# Note that some of FreeBSD's defaults differ from OpenBSD's, and
+# FreeBSD has a few additional options.
+
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
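Review bot: The added note says some defaults differ from OpenBSD's but does not say which ones or where to find them. Name the affected options here, or point to the manual page that documents them, so an administrator comparing against upstream documentation knows what to look for.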
@@ -84,7 +87,7 @@
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
-#X11Forwarding no
+#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
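Review bot: `#X11Forwarding yes` changes the documented server default, yet the revision is titled as ssh client default changes and the diff carries no matching change to the server's option code or to the sshd_config manual page. Confirm that the compiled server default is already yes and say so in the commit message, or split this sample-file correction into its own change so the server-side effect is reviewed separately.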
Attached To
D28692: FreeBSD ssh client default changes