From: Dennis
To: Aryeh Friedman, FreeBSD Mailing List
Date: Fri, 14 Jul 2023 18:43:29 -0600
Subject: Re: OT: how to make a ssh/showmount usable with no internet
List-Archive: https://lists.freebsd.org/archives/freebsd-questions


On 7/14/2023 8:28 AM, Aryeh Friedman wrote:
> Due to some t-storms my internet is up and down like nuts today but
> the upshot is it seems that even local ssh requires a reverse DNS
> lookup and thus has a very long hang before connecting. How can I
> prevent this behaviour
>
> Additional question: what additional steps do I need to make the
> system completely separable from the internet (I already ran into
> reverse DNS issues with showmount). (I use NFS but not NIS for most
> stuff)

Regarding reverse DNS lookup causing long client connect times:

On the SSH server, edit /etc/ssh/sshd_config,
uncomment and modify the following directive:

    UseDNS no

Restart the sshd service.

sshd_config(5)

UseDNS  Specifies whether sshd(8) should look up the remote host name,
        and to check that the resolved host name for the remote IP
        address maps back to the very same IP address.
        The default is “yes”
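
A check to run after the edit described in the message above, added here as an example and not part of the original e-mail: sshd uses the first value it obtains for a keyword, so a line left commented out, or an earlier active line, can silently keep the old setting. The function name `effective_usedns` and the sample config are constructed for illustration; Include files are not followed.

```shell
#!/bin/sh
# Added example (not from the original message): report the UseDNS value
# that the global section of an sshd_config file actually sets.

# effective_usedns FILE
# Prints the first active UseDNS value, or "unset" when the file leaves
# the choice to the compiled-in default.
effective_usedns() {
    awk '
        /^[ \t]*(#|$)/ { next }   # skip comment and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)          # drop leading indentation
            sub(/[ \t]*=[ \t]*/, " ", line)   # accept the Key=value form too
            split(line, f, " ")
            kw = tolower(f[1])                # keywords are case-insensitive
            if (kw == "match") exit           # global section ends at first Match
            if (kw == "usedns") { print tolower(f[2]); found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Constructed sample: the directive was edited but left commented out,
# and an earlier active line still says yes, so the later "no" is ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#UseDNS no
usedns yes
UseDNS no
EOF
echo "sample sets UseDNS: $(effective_usedns "$sample")"
rm -f "$sample"
```

On a live server, `sshd -T | grep -i usedns` (run as root) prints the value sshd itself resolved. With `UseDNS no`, only addresses, not host names, can be used in `from=` options in authorized_keys and in `Match Host` rules.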
