Re: sshd doing dns queries on localhost?
From: G.P. de Boer (g.p.de.boer_at_st.hanze.nl)
Date: 05/26/03
- Previous message: Fernando Schapachnik: "sshd doing dns queries on localhost?"
- In reply to: Fernando Schapachnik: "sshd doing dns queries on localhost?"
- Next in thread: Fernando Schapachnik: "Re: sshd doing dns queries on localhost?"
- Reply: Fernando Schapachnik: "Re: sshd doing dns queries on localhost?"
To: Fernando Schapachnik <fernando@mecon.gov.ar>
Date: 26 May 2003 19:02:30 +0200
On Mon, 2003-05-26 at 18:32, Fernando Schapachnik wrote:
<something about DNS lookups when SSH'ing>
This is becoming a FAQ. Current OpenSSH daemons implement a feature
called 'privilege separation', which splits the daemon in two: one part
running as root, the other as user 'sshd' (or whatever you define),
minimalizing security threats. One disadvantage though: /etc/resolv.conf
is read AFTER chroot()ing to the directory '/var/empty' (talking about
OpenSSH in base). If resolv.conf can't be found there, sshd will look up
IPs via 127.0.0.1, generating those log_in_vain messages you see.
How to solve? Well.. copy /etc/resolv.conf to /var/empty/etc/.
Regards, Pieter
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
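
An added example (not part of the original message, and not OpenSSH or FreeBSD code): a shell check for the condition described in the reply, reporting whether the privilege-separation chroot has a usable etc/resolv.conf. The default paths are the ones named in the message; the function names, status words and the scratch tree in the demo are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Defaults are the paths named
# in the message; function names and status strings are illustrative.

# Print the sorted, de-duplicated nameserver addresses from a resolv.conf.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1" | sort -u
}

# Usage: check_chroot_resolv [chroot_dir] [system_resolv_conf]
# Prints one status word and returns 0 only for "ok".
check_chroot_resolv() {
    chroot_dir=${1:-/var/empty}
    system_conf=${2:-/etc/resolv.conf}
    chroot_conf="$chroot_dir/etc/resolv.conf"

    if [ ! -r "$system_conf" ]; then
        echo "no-system-conf"; return 4
    fi
    # A symlink is resolved inside the new root after chroot(), so a link
    # pointing back at the system /etc/resolv.conf does not work there.
    if [ -L "$chroot_conf" ]; then
        echo "symlink"; return 3
    fi
    if [ ! -f "$chroot_conf" ]; then
        echo "missing"; return 1
    fi
    # A copy goes stale when the system file is edited later; compare the
    # nameserver entries rather than raw bytes so comments do not matter.
    if [ "$(nameservers "$system_conf")" != "$(nameservers "$chroot_conf")" ]; then
        echo "stale"; return 2
    fi
    echo "ok"; return 0
}

# Demo on a constructed scratch tree (no root needed, real files untouched).
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/jail"
    printf '# constructed sample\nnameserver 192.0.2.53\n' > "$t/resolv.conf"
    echo "before copy: $(check_chroot_resolv "$t/jail" "$t/resolv.conf")"
    mkdir -p "$t/jail/etc" && cp "$t/resolv.conf" "$t/jail/etc/"
    echo "after copy:  $(check_chroot_resolv "$t/jail" "$t/resolv.conf")"
    rm -rf "$t"
}
demo
```

Called with no arguments, check_chroot_resolv inspects /var/empty against /etc/resolv.conf; a "stale" result means the copy needs refreshing after the system file changed.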