Date:      Sat, 6 Sep 2003 22:34:28 +0100
From:      Bruce M Simpson <bms@spc.org>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: PUzzling sshd behaviour
Message-ID:  <20030906213428.GF29217@spc.org>
In-Reply-To: <20030905154646.GA59881@rot13.obsecurity.org>
References:  <3F589E94.1080508@xwave.com> <20030905154646.GA59881@rot13.obsecurity.org>

On Fri, Sep 05, 2003 at 08:46:46AM -0700, Kris Kennaway wrote:
> > Anyone else see this type of thing before? I did some research on the 
> > lists but all I ever saw was a problem with reading resolv.conf. That's 
> > not the case here, because it's definitely picking up the nameserver 
> > from that file.
> 
> The fact that sshd requires reverse IP resolution is well-known
> behaviour.  It's probably the most common FAQ about sshd ("Why is my
> login taking 60 seconds to present the password prompt?").

But what about:

     VerifyReverseMapping
             Specifies whether sshd should try to verify the remote host name
             and check that the resolved host name for the remote IP address
             maps back to the very same IP address.  The default is ``no''.

?

I usually configure my sshd with -u0 to prevent hostnames being truncated
in wtmp/lastlog, for better audit trail.

BMS
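
The check described in the quoted VerifyReverseMapping text (reverse lookup, then confirming that the name resolves back to the same address), sketched in Python as an added example; it is not part of the original message and is not OpenSSH's code. The resolver hooks, the `check` helper and the lookup tables are constructed for illustration so the block runs offline.

```python
import ipaddress
import socket

def _system_reverse(ip):
    """PTR lookup via the system resolver; returns a host name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _system_forward(name):
    """A/AAAA lookup via the system resolver; returns address strings."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def verify_reverse_mapping(ip, reverse=_system_reverse, forward=_system_forward):
    """Return (name_for_logs, verified).

    The PTR name is trusted only if one of its forward records is the
    connecting address; otherwise the numeric address is used instead.
    """
    addr = ipaddress.ip_address(ip)
    name = reverse(ip)
    if not name:
        return str(addr), False            # no PTR record at all
    name = name.rstrip(".").lower()
    for candidate in forward(name):
        try:
            if ipaddress.ip_address(candidate.split("%")[0]) == addr:
                return name, True          # forward lookup confirms the PTR
        except ValueError:
            continue                       # ignore malformed resolver output
    return str(addr), False                # PTR names a host that does not map back

# Constructed sample data (documentation address ranges, not real hosts).
PTR = {"192.0.2.10": "shell.example.org.",
       "198.51.100.7": "trusted.example.org.",   # PTR zone set by the client's owner
       "2001:db8::1": "v6.example.org"}
FWD = {"shell.example.org": ["192.0.2.10"],
       "trusted.example.org": ["192.0.2.99"],
       "v6.example.org": ["2001:0db8:0000:0000:0000:0000:0000:0001"]}

def check(ip):
    """Run the verification against the constructed tables above."""
    return verify_reverse_mapping(ip, PTR.get, lambda n: FWD.get(n, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "2001:db8::1"):
        print(ip, check(ip))
```

Falling back to the numeric address when verification fails keeps an unconfirmed PTR name out of the audit trail.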


