Let's the if we can give the mono-space boxes a bit more space.

This commit is contained in:
Florian Obser 2023-01-15 08:33:37 +01:00
parent 4ae9e2c797
commit c2447eab80

View File

@ -41,7 +41,7 @@ can secure those with DNSSEC.
[[https://man.openbsd.org/ssh_config.5#VerifyHostKeyDNS][ssh_config(5)]] explains how [[https://man.openbsd.org/ssh.1][ssh(1)]] can use SSHFP records to verify [[https://man.openbsd.org/ssh_config.5#VerifyHostKeyDNS][ssh_config(5)]] explains how [[https://man.openbsd.org/ssh.1][ssh(1)]] can use SSHFP records to verify
host-keys: host-keys:
#+begin_example #+begin_example
VerifyHostKeyDNS VerifyHostKeyDNS
Specifies whether to verify the remote key using DNS and SSHFP Specifies whether to verify the remote key using DNS and SSHFP
resource records. If this option is set to yes, the client will resource records. If this option is set to yes, the client will
implicitly trust keys that match a secure fingerprint from DNS. implicitly trust keys that match a secure fingerprint from DNS.
@ -50,7 +50,6 @@ host-keys:
match will be displayed, but the user will still need to confirm match will be displayed, but the user will still need to confirm
new host keys according to the StrictHostKeyChecking option. The new host keys according to the StrictHostKeyChecking option. The
default is no. default is no.
#+end_example #+end_example
One problem with this is, if you put One problem with this is, if you put
@ -73,7 +72,7 @@ have a trustworthy validating name-server is to run one on localhost.
[[http://man.openbsd.org/resolv.conf#trust-ad][resolv.conf(5)]] explains the *trust-ad* option: [[http://man.openbsd.org/resolv.conf#trust-ad][resolv.conf(5)]] explains the *trust-ad* option:
#+begin_example #+begin_example
trust-ad A name server indicating that it performed DNSSEC trust-ad A name server indicating that it performed DNSSEC
validation by setting the Authentic Data (AD) flag validation by setting the Authentic Data (AD) flag
in the answer can only be trusted if the name in the answer can only be trusted if the name
server itself is trusted and the network path is server itself is trusted and the network path is