Using DynDNS names in authorized_keys
From: Gregor Hoffleit (gregor_at_hoffleit.de)
Date: 11/25/03
- Next message: memacro: "Cipher type"
- Previous message: Laurent Gosselin: "Restricted SFTP access on Windows ?"
- Next in thread: Darren Tucker: "Re: Using DynDNS names in authorized_keys"
- Reply: Darren Tucker: "Re: Using DynDNS names in authorized_keys"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 25 Nov 2003 14:18:52 +0100
Appearently checks in authorized_keys involving dynamic DNS names fail:
from="niksula.dyndns.org" 1024 35 23...2334 ylo@niksula
As far as I can see, sshd doesn't check if "niksula.dyndns.org" maps to
the IP address of the connection. Instead it does a reverse name
resolution of the IP address of the connection, and since that points to
a name in the ISP's zone, the from test fails.
This behavior sounds reasonably secure.
Anyway, is there some other way to add an additional layer of security
using dynamic DNS addresses?
Regards,
Gregor
- Next message: memacro: "Cipher type"
- Previous message: Laurent Gosselin: "Restricted SFTP access on Windows ?"
- Next in thread: Darren Tucker: "Re: Using DynDNS names in authorized_keys"
- Reply: Darren Tucker: "Re: Using DynDNS names in authorized_keys"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
