Date: Sat, 06 Sep 2003 22:54:35 -0300 From: "Daniel C. Sobral" <dcs@newsguy.com> To: Bruce M Simpson <bms@spc.org> Cc: Kris Kennaway <kris@obsecurity.org> Subject: Re: PUzzling sshd behaviour Message-ID: <3F5A8FDB.3050507@newsguy.com> In-Reply-To: <20030906213428.GF29217@spc.org> References: <3F589E94.1080508@xwave.com> <20030905154646.GA59881@rot13.obsecurity.org> <20030906213428.GF29217@spc.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Bruce M Simpson wrote:
> On Fri, Sep 05, 2003 at 08:46:46AM -0700, Kris Kennaway wrote:
>
>>>Anyone else see this type of thing before? I did some research on the
>>>lists but all I ever saw was a problem with reading resolv.conf. That's
>>>not the case here, because it's definitely picking up the nameserver
>>>from that file.
>>
>>The fact that sshd requires reverse IP resolution is well-known
>>behaviour. It's probably the most common FAQ about sshd ("Why is my
>>login taking 60 seconds to present the password prompt?").
>
>
> But what about:
>
> VerifyReverseMapping
> Specifies whether sshd should try to verify the remote host name
> and check that the resolved host name for the remote IP address
> maps back to the very same IP address. The default is ``no''.
>
> ?
AFAIK, that means the reverse mapping result will not be held against
you. :-)
--
Daniel C. Sobral (8-DCS)
dcs@newsguy.com
dcs@freebsd.org
capo@west.side.of.bsdconspiracy.net
Steele: "Aha! We've finally got you talking jargon too!"
Stallman: "What did he say?"
Steele: "Bob just used "canonical" in the canonical way."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F5A8FDB.3050507>