Puzzling sshd behaviour

Jeremy Messenger mezz7 at cox.net
Mon Sep 8 14:00:52 PDT 2003


On Mon, 8 Sep 2003 22:27:27 +0200, Andreas Klemm <andreas at freebsd.org> wrote:

> On Sun, Sep 07, 2003 at 02:55:10AM +0100, Bruce M Simpson wrote:
>> On Sat, Sep 06, 2003 at 10:54:35PM -0300, Daniel C. Sobral wrote:
>> > Bruce M Simpson wrote:
>> > >On Fri, Sep 05, 2003 at 08:46:46AM -0700, Kris Kennaway wrote:
>> > >>The fact that sshd requires reverse IP resolution is well-known
>> > >>behaviour.  It's probably the most common FAQ about sshd ("Why is my
>> > >>login taking 60 seconds to present the password prompt?").
>> > >
>> > >But what about:
>> > >     VerifyReverseMapping
>> > >             Specifies whether sshd should try to verify the remote host
>> > >             name and check that the resolved host name for the remote IP
>> > >             address maps back to the very same IP address.  The default is
>> > >             ``no''.
>> >
>> > AFAIK, that means the reverse mapping result will not be held against
>> > you. :-)
>>
>> This sounds like a bug. Does anyone else agree?
>
> Yes and I really needed this functionality in a project for 12 Suns...
>
> But it didn't work as expected from the description.
>
> And for me a functionality like being able to prevent reverse lookup
> would be completely logical ...
>
> Result was to create about 20 /etc/hosts entries on every sun, to
> prevent this 60 seconds timeout for our Out Of Band login via VPN
> and from sun to sun etc etc

My solution is to install and set up dnscache to do the local DNS cache.

Cheers,
Mezz

> 	Andreas ///


-- 
bsdforums.org 's moderator, mezz.
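
The check that the quoted VerifyReverseMapping text describes (resolve the remote IP to a host name, then confirm that name maps back to the same IP), as an added example that is not part of the original messages and is not sshd's own code. The function names, the pluggable resolver arguments and the sample records are assumptions made for illustration; the elapsed time is returned so slow lookups like the ones discussed in the thread become visible.

```python
import ipaddress
import socket
import time

def system_reverse(ip):
    return socket.gethostbyaddr(ip)[0]  # PTR lookup; raises OSError on failure

def system_forward(name):
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def _norm(addr):
    # Drop any IPv6 zone id and canonicalise so textual variants compare equal.
    return ipaddress.ip_address(addr.split("%")[0])

def check_reverse_mapping(ip, reverse=system_reverse, forward=system_forward):
    """Return (status, hostname, seconds) for one client address."""
    start = time.monotonic()
    name = None
    try:
        name = reverse(ip)
        addrs = {_norm(a) for a in forward(name)}
        status = "verified" if _norm(ip) in addrs else "mismatch"
    except OSError:
        # Either there is no PTR record, or the PTR name does not resolve.
        status = "no-ptr" if name is None else "forward-failed"
    return status, name, time.monotonic() - start

# Constructed sample records (documentation address ranges) so this runs offline.
SAMPLE_PTR = {"192.0.2.10": "bastion.example.net",
              "192.0.2.20": "spoofed.example.net",
              "192.0.2.30": "gone.example.net"}
SAMPLE_A = {"bastion.example.net": {"192.0.2.10"},
            "spoofed.example.net": {"198.51.100.7"}}

def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise OSError("no PTR record (constructed)")
    return SAMPLE_PTR[ip]

def sample_forward(name):
    if name not in SAMPLE_A:
        raise OSError("name does not resolve (constructed)")
    return SAMPLE_A[name]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        status, name, secs = check_reverse_mapping(ip, sample_reverse, sample_forward)
        print(f"{ip:12} {status:15} {name} {secs:.3f}s")
```

Called with the default resolvers on the addresses clients actually connect from, the third field shows which lookups stall before any login prompt would appear.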


More information about the freebsd-hackers mailing list