1782 – Match support for HostbasedUsesNameFromPacketOnly

Bug 1782 - Match support for HostbasedUsesNameFromPacketOnly

Summary: Match support for HostbasedUsesNameFromPacketOnly

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	sshd (show other bugs)
Version:	-current
Hardware:	All All

Importance:	P2 enhancement
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:	V_5_6
	Show dependency tree / graph

Reported:	2010-06-16 03:27 AEST by Iain Morgan
Modified:	2011-01-24 12:33 AEDT (History)
CC List:	1 user (show)

See Also:

Attachments
Enable Match support for HostbasedUsesNameFromPacketOnly (1.11 KB, patch) 2010-06-16 03:27 AEST, Iain Morgan	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Iain Morgan 2010-06-16 03:27:57 AEST

Created attachment 1860 [details]
Enable Match support for HostbasedUsesNameFromPacketOnly

Currently HostbasedUsesNameFromPacketOnly can only be set as a global
sshd_config option. This means that if hostbased authentication is
enabled and some of the client hosts are behind a NAT, then all
hostbased authentication attempts must only use the hostname from the
authentication packet.

A more surgical approach would be to allow this option to be enabled
on a per-IP bases. Thus the resolved name could be used for clients
that are not behind a NAT and those behind a NAT could use the name
supplied in the packet.

Comment 1 Damien Miller 2010-06-18 10:39:58 AEST

I'll try to commit this together with Match support for AuthorizedKeys and a couple of others. Please see attachment #1863 [details] on bug #1764

Comment 2 Damien Miller 2010-06-22 14:26:31 AEST

fixed as part of bug #1764 - this will be in OpenSSH 5.6

Comment 3 Damien Miller 2011-01-24 12:33:32 AEDT

Move resolved bugs to CLOSED after 5.7 release