On Wed, 12 Oct 2011, Kevin Fenzi wrote: > * DO verify ssh host keys via dnssec protected dns. ( .ssh/config: > "VerifyHostKeyDNS yes") https://bugzilla.redhat.com/show_bug.cgi?id=180277 https://bugzilla.redhat.com/show_bug.cgi?id=730558 You can't tell us to use this while at the same time refusing to make that security setting not the system default.... I asked for this back in 2006 ........ See the bug entry for my elaborate example showing you that DNS without DNSSEC does NOT lead to automatically connecting to servers you were never on before without prompting. Paul -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
