Bug 2405

Summary: Description of UseDNS option is not accurate
Product: Portable OpenSSH
Reporter: Jakub Jelen <jjelen>
Component: Documentation
Assignee: Damien Miller <djm>
Status: CLOSED FIXED
Severity: enhancement
CC: djm, dtucker
Priority: P5
Version: 6.8p1
Hardware: Other
OS: Linux
Bug Depends on:
Bug Blocks: 2403
Attachments:
Description: Document UseDNS better
Flags: dtucker: ok+

Description Jakub Jelen 2015-05-28 17:56:17 AEST
After releasing openssh-6.8 with new default "UseDNS no", some of our users were surprised that they can't connect to their machines with authorized keys limited to hostname, example:
'from="host.example.org" ssh-rsa ...' in ~/.ssh/authorized_keys

Manual page should state that this option turns off not only reverse lookups (from manual page -- "look up the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address"), but all DNS functionality that is required for some functions to work, for example above mentioned authorized_keys based on hostname.

Based on Red Hat Bugzilla [1].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1225239
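
Added example, not part of the bug report or of OpenSSH: a heuristic audit that lists authorized_keys entries whose from= option contains host name patterns, which are the entries that stop matching when sshd runs with "UseDNS no". The function names, the classification heuristic and the sample file are constructed for illustration.

```python
import ipaddress
import re

# Quote-aware pieces: the leading options field, then each option inside it.
_FIELD = re.compile(r'(?:"(?:[^"\\]|\\.)*"|[^\s"])+')
_OPTION = re.compile(r'(?:"(?:[^"\\]|\\.)*"|[^,"])+')

def from_patterns(line):
    """Return the patterns of a from="..." option on one key line, or []."""
    line = line.strip()
    field = _FIELD.match(line)
    if not field or line.startswith("#"):
        return []
    for opt in _OPTION.findall(field.group(0)):
        if opt.lower().startswith('from="') and opt.endswith('"'):
            return [p for p in opt[6:-1].split(",") if p]
    return []

def needs_dns(pattern):
    """Heuristic: True if the pattern can only match a resolved host name."""
    p = pattern.lstrip("!")  # a negated pattern is classified the same way
    if re.fullmatch(r"[0-9.*?]+", p):  # IPv4 text with wildcards, or "*"
        return False
    if ":" in p and re.fullmatch(r"[0-9A-Fa-f:.*?]+", p):  # IPv6 wildcards
        return False
    try:
        ipaddress.ip_network(p, strict=False)  # literal address or CIDR
    except ValueError:
        return True
    return False

def audit(text):
    """Return (line_number, [host name patterns]) for each affected key."""
    rows = ((n, [p for p in from_patterns(line) if needs_dns(p)])
            for n, line in enumerate(text.splitlines(), 1))
    return [(n, names) for n, names in rows if names]

# Constructed sample; key material is elided the same way as on the page.
SAMPLE = '''from="host.example.org" ssh-rsa AAAA... user@a
from="192.0.2.10,*.example.org",no-pty ssh-rsa AAAA... user@b
from="192.0.2.0/24,2001:db8::/32" ssh-rsa AAAA... user@c
command="echo from=x",from="10.1.*" ssh-rsa AAAA... user@d
ssh-rsa AAAA... user@e
'''

if __name__ == "__main__":
    for n, names in audit(SAMPLE):
        print(f"line {n}: from= needs DNS to match: {', '.join(names)}")
```
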
Comment 1 Damien Miller 2015-07-17 13:46:38 AEST
Created attachment 2674
Document UseDNS better
Comment 2 Darren Tucker 2015-07-17 13:55:05 AEST
Comment on attachment 2674
Document UseDNS better

ok, but I wonder if checking the reverse mapping even has any value at all these days...
Comment 3 Damien Miller 2015-07-20 10:30:17 AEST
applied - will be in OpenSSH 7.0. Thanks!
Comment 4 Damien Miller 2016-08-02 10:41:46 AEST
Close all resolved bugs after 7.3p1 release