Re: Using DynDNS names in authorized_keys

From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 11/26/03 

Date: Wed, 26 Nov 2003 04:32:37 GMT

In article <pan.2003.11.25.13.18.51.531087@hoffleit.de>,
Gregor Hoffleit <gregor@hoffleit.de> wrote:
>Appearently checks in authorized_keys involving dynamic DNS names fail:
>
> from="niksula.dyndns.org" 1024 35 23...2334 ylo@niksula
>
>As far as I can see, sshd doesn't check if "niksula.dyndns.org" maps to
>the IP address of the connection. Instead it does a reverse name
>resolution of the IP address of the connection, and since that points to
>a name in the ISP's zone, the from test fails.
>
>This behavior sounds reasonably secure.
>
>Anyway, is there some other way to add an additional layer of security
>using dynamic DNS addresses?

You probably want CheckHostIP=no. I'm not 100% sure it'll do what you
want but there's a good chance it will.

$ man ssh_config
[snip]
CheckHostIP
     If this flag is set to ``yes'', ssh will additionally check the
     host IP address in the known_hosts file. This allows ssh to
     detect if a host key changed due to DNS spoofing. If the option
     is set to ``no'', the check will not be executed. The default is
     ``yes''. 

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Relevant Pages

  • Re: Max wins
    ... That was their connection - his only connection was with them. ... with his parent's politics, I'd totally agree. ... explicit evidence is not currently in the public domain. ... My beef with Max, though, is his judgement. ...
    (rec.autos.sport.f1)
  • Re: Bad Live TV Signal
    ... I have an older generation Samsung 46" 720p DLP TV and I have no trouble using the VGA connection on my desktop or laptop using 1280x720 as a desktop and output resolution over VGA. ... > Connect the sound out from the dish box to your tuner card along with> the ... At times the video is ok, ...
    (microsoft.public.windows.mediacenter)
  • Re: HDMI detects lower resolution than VGA
    ... "Alex Marti" wrote: ... got a message that the resolution could not be added. ... Also, as you say, there is an "Advanced Timing" button to customize ... I setup everything through the VGA connection in my TV: ...
    (microsoft.public.windows.mediacenter)
  • Re: HDMI detects lower resolution than VGA
    ... Connect to an ordinary computer monitor instead of the TV and again then ... I expected the previous resolution would restore... ... Also, as you say, there is an "Advanced Timing" button to customize ... I setup everything through the VGA connection in my TV: ...
    (microsoft.public.windows.mediacenter)
  • Re: HDMI detects lower resolution than VGA
    ... Don't bother with the shelf timings worry only about the resolution itself ... Now I see that the NVIDIA display shows the monitor model as "32LB132B5", ... The list of timing modes available do not include something similar to ... I setup everything through the VGA connection in my TV: ...
    (microsoft.public.windows.mediacenter)