Re: sshd doing dns queries on localhost?

From: Fernando Schapachnik (fernando_at_mecon.gov.ar)
Date: 05/26/03

    Date: Mon, 26 May 2003 14:15:05 -0300
    To: "G.P. de Boer" <g.p.de.boer@st.hanze.nl>
    
    

    In a previous message, G.P. de Boer wrote:
    > On Mon, 2003-05-26 at 18:32, Fernando Schapachnik wrote:
    >
    > <something about DNS lookups when SSH'ing>
    >
    > This is becoming a FAQ. Current OpenSSH daemons implement a feature
    > called 'privilege separation', which splits the daemon in two: one part
    > running as root, the other as user 'sshd' (or whatever you define),
    > minimizing security threats. One disadvantage though: /etc/resolv.conf
    > is read AFTER chroot()ing to the directory '/var/empty' (talking about
    > OpenSSH in base). If resolv.conf can't be found there, sshd will look up
    > IPs via 127.0.0.1, generating those log_in_vain messages you see.
    >
    > How to solve? Well.. copy /etc/resolv.conf to /var/empty/etc/.

    Forgot about privsep... Of course that was it. Thanks!
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
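
A check for the condition described in this thread, as an added example that is not part of the original messages: it reports whether the privsep chroot holds a resolv.conf matching the host's, and counts log_in_vain lines that are loopback DNS queries. The function names, the log line layout and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: diagnose the privsep resolver fallback described in this thread.
# Function names and the sample log lines are constructed for illustration.

# Report whether the chroot sees the same resolver config as the host.
# $1 = host resolv.conf, $2 = privsep chroot directory (e.g. /var/empty)
privsep_resolv_state() {
    host_conf=$1
    jail_conf=$2/etc/resolv.conf
    if [ ! -r "$jail_conf" ]; then
        echo missing        # resolver falls back to 127.0.0.1
    elif cmp -s "$host_conf" "$jail_conf"; then
        echo ok
    else
        echo stale          # a copy exists but no longer matches the host file
    fi
}

# Count log_in_vain entries that are loopback DNS queries (UDP 127.0.0.1:53
# from 127.0.0.1), as opposed to connection attempts from other hosts.
# $1 = log file; the line layout is an assumption modelled on the kernel message.
count_loopback_dns() {
    awk '/Connection attempt to UDP 127\.0\.0\.1:53 from 127\.0\.0\.1:[0-9]+/ { n++ }
         END { print n + 0 }' "$1"
}

# Stand-alone demo on constructed data in a scratch directory.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/host/etc" "$tmp/empty"
    echo "nameserver 192.0.2.53" > "$tmp/host/etc/resolv.conf"
    cat > "$tmp/messages" <<'EOF'
May 26 14:01:02 host /kernel: Connection attempt to UDP 127.0.0.1:53 from 127.0.0.1:1034
May 26 14:01:07 host /kernel: Connection attempt to UDP 127.0.0.1:53 from 127.0.0.1:1035
May 26 14:03:11 host /kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:4021
EOF
    echo "state: $(privsep_resolv_state "$tmp/host/etc/resolv.conf" "$tmp/empty")"
    echo "loopback DNS attempts: $(count_loopback_dns "$tmp/messages")"
    rm -rf "$tmp"
}
demo
```

The "stale" state matters after the fix from the thread has been applied: the copy under the chroot is not updated when /etc/resolv.conf changes.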

