Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

workarounds for Host param not canonicalizing?

from [Ryan Barrett] Network Security [Permanent Link]
Subject: workarounds for Host param not canonicalizing?
Date: Fri, 20 May 2005 11:21:11 -0700 (PDT)
hi all. the Host parameter in ssh_config matches against the hostname typed on the command line, as opposed to the canonicalized host name. this is to prevent DNS spoofing attacks, which is a Good Thing...

...but it does hurt usability if you routinely ssh to lots of machines. instead of "Host *.foo.com", you have to use "Host abc def ghi ...". needless to say, this is error-prone and hard to maintain.

does anyone have any tips for handling this? (i use openssh versions 3.6 through 3.9, on linux and openbsd.) thanks in advance...

-Ryan

--
http://ryan.barrett.name/

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: remote ssh for root, daniel . engelsen
Next by Date:  OpenSSH & ChRoot, Richard Secor
Previous by Thread:  known_hosts vulnerability?, Gabriel M. Elder
Next by Thread:  Re: workarounds for Host param not canonicalizing?, Alexander Klimov
Indexes:  [Date] [Thread] [Top] [All Lists]