On 12 Nov 2014, at 11:43, Daniel Kahn Gillmor <dkg@xxxxxxxxxxxxxxxxx> wrote: > Perhaps a better approach here is to leave UseDNS=yes as the default, > but also default to -u0, and generate a deprecation warning when > encountering any need for DNS while -u0 is set, so that future versions > of openssh can get away with disabling those lookups entirely. > > What do other folks think is the right way to improve the default > behavior here? The first thing I do to a host on install is disable every bit of ssh/DNS interaction I can, plus GSSAPI (I know that's not upstream) as both significantly slow connection times. If you're happy disabling tcpwrappers and ripping it out the source code, this is a rather more minor change, I'd suggest. -- Alex Bligh
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev