Re: how to get rid of sshd needing DNS ?

From: Thomas Wolf (tw_at_wsf.at)
Date: 04/27/04


Date: Tue, 27 Apr 2004 22:36:12 +0200

Darren Tucker wrote:

> In article <c6j69g$npk$1@at-vie-newsmaster01.nextra.at>,
> Thomas Wolf <tw@wsf.at> wrote:
>>This one is driving me crazy.
>>I don't want my sshd to look up the client's IP.
>>Turned off VerifyReverseMapping, running sshd with -n0,
>
> -u0 is what you probably want.

Yes. -n0 was a typo, I did use -u0.

>
>>not using all the items listed in the manpage that
>>could cause a lookup but no luck. Any hints ?
>>BTW, this is on FreeBSD 4.9-RELEASE-p4.
>
> I don't know which version is in FreeBSD, but recent OpenSSH's also have
> a UseDNS sshd_config option.

Thanks for the hint. I could solve my main problem (too long a
delay when DNS is enabled but not responding) by using
OpenSSH_3.8p1 instead of the version included in the FreeBSD
base system (SSH-1.99-OpenSSH_3.5p1 FreeBSD-20030924).

However, I am still confused about the DNS stuff in sshd.
According to the man pages, 'UseDNS' is the new name
for 'VerifyReverseMapping' in older versions. In 3.5p1, the
client IP was looked up before the login prompt was issued
(regardless of the setting of 'VerifyReverseMapping'). In 3.8p1,
the behaviour is different, depending on UseDNS:

UseDNS yes: lookup occurs before and after the login
UseDNS no: lookup occurs after the login.

In any case, the login succeeds. I tried the following
cases:

1) IP lookup fails
2) IP lookup succeeds, reverse fails
3) IP lookup succeeds, reverse succeeds but returns a different IP

My understanding was that there should be no login at least in case 3,
and I don't know what the lookup after the login is for. Are there any
documents explaining all this?

Thomas
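
Added example (not part of the original post, and not OpenSSH's code): a generic forward-confirmed reverse DNS check that classifies the three cases listed in the message. The function name, the injected resolver callables, and all addresses and hostnames are constructed for illustration; the check only decides whether the name or the bare address should be used in logs and host-based rules.

```python
import ipaddress

def classify_client(ip, reverse_lookup, forward_lookup):
    """Return (verdict, identifier) for a connecting client address.

    reverse_lookup(ip) -> PTR hostname or None
    forward_lookup(name) -> list of address strings (may be empty)
    The identifier is the hostname only when the PTR name maps back to
    the same address; otherwise it falls back to the address itself.
    """
    addr = ipaddress.ip_address(ip)
    name = reverse_lookup(ip)
    if not name:
        return ("no-ptr", ip)                 # case 1 in the post
    name = name.rstrip(".").lower()
    try:
        ipaddress.ip_address(name)            # PTR that is itself an IP literal
        return ("ptr-is-address", ip)
    except ValueError:
        pass
    forward = forward_lookup(name)
    if not forward:
        return ("forward-failed", ip)         # case 2 in the post
    # Compare parsed addresses so equivalent IPv6 spellings match.
    if any(ipaddress.ip_address(a) == addr for a in forward):
        return ("confirmed", name)
    return ("mismatch", ip)                   # case 3 in the post

# Constructed sample DNS data (documentation address ranges only).
SAMPLE_PTR = {
    "192.0.2.10": "Good.example.com.",
    "192.0.2.20": "orphan.example.com",
    "192.0.2.30": "spoof.example.com",
    "2001:db8::1": "v6.example.com",
}
SAMPLE_A = {
    "good.example.com": ["192.0.2.10"],
    "spoof.example.com": ["192.0.2.99"],
    "v6.example.com": ["2001:0db8:0000:0000:0000:0000:0000:0001"],
}

def sample_forward(name):
    return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    for ip in ["192.0.2.1", "192.0.2.20", "192.0.2.30", "192.0.2.10", "2001:db8::1"]:
        print(ip, classify_client(ip, SAMPLE_PTR.get, sample_forward))
```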


