How to specify chost (client hostname) used for hostbased authentication?

Hi,
I have a question about hostbased authentication. It looks like the client does a reverse DNS lookup on the IP it is connecting from and uses that hostname as chost - which fails if it’s a dynamic IP (though wildcards in some places seem to work).
The solution is to put this IP in /etc/hosts so that it picks the hostname the authenticating server has in ssh_known_hosts and hosts.equiv, but that’s not practical.

Is there a way to just configure it for a client or system in a config file? It’s apparently not a security measure (at least with HostbasedUsesNameFromPacketOnly=yes)?
The only workaround I found is to use “ssh -o BindAddress=10.1.2.3” which is my second loopback address that’s actually used for my FQDN in /etc/hosts.

Also, I wonder if the server could/should just check forward DNS against the connecting IP as a better alternative to HostbasedUsesNameFromPacketOnly=yes; this would make it work with DynDNS services.

Thanks
Jan



_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
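
The three ways of choosing the client host name discussed in this message, modelled side by side as an added example (not OpenSSH code, and not part of the original post). The DNS tables, host names and the `forward_confirmed` policy name are constructed assumptions; the host key signature check that hostbased authentication also performs is not modelled.

```python
"""Model: which client host name a server looks up for hostbased auth.
Added illustration, not OpenSSH source; all DNS data below is constructed."""
import ipaddress

# Constructed DNS answers (documentation address ranges and example names).
PTR = {"198.51.100.23": "dyn-23.pool.isp.example."}   # reverse zone run by the ISP
FORWARD = {"laptop.dyn.example": ["198.51.100.23"],   # DynDNS-style A record
           "build.corp.example": ["192.0.2.10"]}
TRUSTED = {"laptop.dyn.example", "build.corp.example"}  # stand-in for hosts.equiv


def normalize(name):
    """Lower-case the name and drop a single trailing dot."""
    name = name.lower()
    return name[:-1] if name.endswith(".") else name


def select_name(policy, peer_ip, chost):
    """Return the name the server would look up, or None if none is usable."""
    chost = normalize(chost)
    if policy == "reverse":            # name resolved from the TCP connection
        ptr = PTR.get(peer_ip)
        return normalize(ptr) if ptr else None
    if policy == "packet_only":        # HostbasedUsesNameFromPacketOnly=yes
        return chost
    if policy == "forward_confirmed":  # hypothetical: the check proposed above
        peer = ipaddress.ip_address(peer_ip)
        addrs = {ipaddress.ip_address(a) for a in FORWARD.get(chost, [])}
        return chost if peer in addrs else None
    raise ValueError(f"unknown policy: {policy}")


def name_accepted(policy, peer_ip, chost):
    """True if the selected name is trusted (host key check not modelled)."""
    name = select_name(policy, peer_ip, chost)
    return name is not None and name in TRUSTED


if __name__ == "__main__":
    cases = [("198.51.100.23", "laptop.dyn.example."),  # dynamic IP, own name
             ("203.0.113.5", "build.corp.example.")]    # name sent from another IP
    for ip, chost in cases:
        for policy in ("reverse", "packet_only", "forward_confirmed"):
            print(f"{ip:15} {chost:22} {policy:18} {name_accepted(policy, ip, chost)}")
```

With the constructed data, only `forward_confirmed` both accepts the dynamic-IP client and rejects the trusted name sent from an unrelated address.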



