Date: Wed, 29 Nov 2006 14:43:41 +0200 (EET)
From: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
To: Stephen Montgomery-Smith <stephen@math.missouri.edu>
Cc: Cristiano Deana <cristiano.deana@gmail.com>, FreeBSD Stable Mailing List <freebsd-stable@freebsd.org>
Subject: Re: sshd. "UseDNS no" ignored?
Message-ID: <20061129143330.T82233@atlantis.atlantis.dp.ua>
In-Reply-To: <4563126E.2060904@math.missouri.edu>
References: <d8a4930a0611210211q4920bfdkf7f0400c69df2689@mail.gmail.com> <4563126E.2060904@math.missouri.edu>

Hello!

On Tue, 21 Nov 2006, Stephen Montgomery-Smith wrote:
> I remember a discussion about this maybe a few years ago. I recall that it
> is basically impossible to stop ssh from looking up DNS addresses. The

I'm still wondering why OpenSSH is _so_ inferior to SSH.COM's ssh2 (which is
also open-source)? In the latter product the following line in
/usr/local/etc/ssh2/sshd2_config:

    ResolveClientHostName no

_actually_ prevents DNS reverse lookups by the sshd2 (just checked it, my test
machine has ssh2-nox11-3.2.9.1_5 installed from ports). It's not the only
option which is present in ssh2 while absent in OpenSSH; the second very useful
one is:

    AuthInteractiveFailureTimeout 10

which makes SSH-password-guessing robots give up after the first attempt ;)

Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail: dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE