[PATCH] clarify doc of NoHostAuthenticationForLocalhost

From: Christoph Anton Mitterer <mail@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>

Clarify the documentation of the NoHostAuthenticationForLocalhost directive in
ssh_config(5):

• Document that it works on any hostname that resolves to the loopback device.
• Demote the "use case" to being just one example of how it can be used.

Fixes bug #2293.

Signed-off-by: Christoph Anton Mitterer <mail@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
---
 ssh_config.5 | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/ssh_config.5 b/ssh_config.5
index b702e32..f79a17d 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1041,15 +1041,19 @@ hmac-md5,hmac-sha1,hmac-ripemd160,
 hmac-sha1-96,hmac-md5-96
 .Ed
 .It Cm NoHostAuthenticationForLocalhost
-This option can be used if the home directory is shared across machines.
-In this case localhost will refer to a different machine on each of
-the machines and the user will get many warnings about changed host keys.
-However, this option disables host authentication for localhost.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-The default is to check the host key for localhost.
+If set to
+.Dq yes ,
+then no host authentication will be performed for any target
+.Ar hostname
+(for example localhost or ip6-localhost) that resolves to a
+loopback network interface (that is addresses 127.0.0.0/8 for IPv4
+respectively ::1/128 for IPv6). The default of
+.Dq no
+is to always check the host key of all SSH servers.
+.Pp
+This option can for example be used when the home directory is shared across
+machines. In this case the name localhost will refer to a different machine
+on each of the machines and the user will get many warnings about changed host keys.
 .It Cm NumberOfPasswordPrompts
 Specifies the number of password prompts before giving up.
 The argument to this keyword must be an integer.
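Review bot: the new default sentence ("The default of no is to always check the host key of all SSH servers") claims more than this option controls. The removed text scoped it to localhost ("The default is to check the host key for localhost"); the replacement should say that with no, host keys of loopback targets are checked like those of any other host. The added text also no longer states that the argument must be yes or no, which the removed lines did. Style points in the added lines: new sentences start mid-line after "IPv6)." and "machines.", whereas the removed lines kept each sentence on its own line as the mdoc source does elsewhere in this hunk; "respectively" between the IPv4 and IPv6 ranges reads better as "and"; and the last added line runs past 80 columns.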
-- 
2.1.4

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




