This is a good idea in general. However, every version of ssh that I could test ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		beagle3 on Jan 28, 2015 \| parent \| context \| favorite \| on: CVE-2015-0235 – GHOST: glibc gethostbyname buffer ... This is a good idea in general. However, every version of ssh that I could test (going back to Ubuntu 8.04) uses getaddrinfo() rather than gethostbyname() and is therefore safe.

beagle3 on Jan 28, 2015 [–]

... or not necessarily safe, as people here claim that getaddrinfo() uses gethostbyname() under the covers.

"UseDNS no" in your sshd_config is a good idea in general.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact