sshd login stalling
backyard
backyard1454-bsd at yahoo.com
Tue Sep 5 17:48:09 PDT 2006
--- Noah <admin2 at enabled.com> wrote:
> backyard wrote:
> > --- Noah <admin2 at enabled.com> wrote:
> >
> >
> >> Okay I can't seem to figure out why sshd logins are stalling. I see that
> >> I am coming from an IP address that does not have Reverse mapping.
> >>
> >> So I added the lines below to /usr/local/etc/ssh/sshd_config
> >> and /etc/ssh is sym linked to /usr/local/etc/ssh
> >>
> >> --- snip ---
> >> lrwxr-xr-x 1 root wheel 18 Sep 4 23:01 ssh -> /usr/local/etc/ssh
> >>
> >> UseDNS no
> >> VerifyReverseMapping no
> >>
> >> ---- snip ---
> >>
> >>
> >> cheers,
> >>
> >> Noah
> >>
> >
> >
> > just a thought but if /etc/ssh is linked to
> > /usr/local/etc/ssh wouldn't that just cause troubles
> > from the get-go? My understanding is /usr/local/etc is
> > for local specific configurations so that a site
> > specific configuration in /etc can be loaded and
> > appended by the stuff in /usr/local/etc. Wouldn't
> > symlinking one to the other force the same config
> > files to be loaded twice??? And if so wouldn't that
> > possibly confuse the daemon? Maybe I'm not entirely
> > clear on how all that works myself. but my
> > understanding is /etc is read first and then appended
> > by /usr/local/etc. Although I can see how this would
> > allow NFS to be used on diskless clients using generic
> > /etc while allowing system specific configurations to
> > be stored elsewhere and linked in as needed. I am just
> > under the impression that /usr/local/etc is not for
> > this purpose. of course I'm not the brightest tool in
> > the shed...
> >
>
>
>
> Well currently if I am coming from an IP address that has reverse mapping
> then things work fine there is no stalling whatsoever. When I removed
> the sym link between /etc/ssh and /usr/local/etc/ssh things work fine
> now. there is still stalling experienced when coming from a machine
> with a non-reverse mapped IP.
>
> other clues?
>
> cheers,
>
> Noah
>
>
Do you have a firewall set up or any other packet
filtering going on on the box? Is this problem only
with sshd or do all daemons have trouble with a host
that doesn't do reverse-lookups? Perhaps the IP stack
is just blocking the packets coming in from non-fully
qualified hosts.
-brian
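
Added example, not part of the thread or of any poster's message: a small shell check that reports which UseDNS value a given sshd_config file would yield and flags leftover VerifyReverseMapping lines. The function names and the sample fragment are constructed for illustration; Include directives are not followed.

```shell
#!/bin/sh
# Print the UseDNS value sshd would take from FILE, or "unset".
# sshd_config uses the first value it obtains for a keyword; keywords are
# case-insensitive and may be followed by whitespace or a single "=".
effective_usedns() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t]*=[ \t]*|[ \t]+/)
            key = tolower(f[1]); val = tolower(f[2])
        }
        key == "usedns" && !seen { seen = 1; result = val }
        END { print (seen ? result : "unset") }
    ' "$1"
}

# List lines that still use VerifyReverseMapping, which OpenSSH treats as a
# deprecated keyword now that UseDNS exists.
deprecated_reverse_keys() {
    awk '{ k = tolower($1); sub(/=.*/, "", k) }
         k == "verifyreversemapping" { print FILENAME ":" NR ": " $0 }' "$1"
}

# Constructed sample input, modelled on the two lines quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
VerifyReverseMapping no
usedns = no
UseDNS yes
EOF
echo "effective UseDNS: $(effective_usedns "$sample")"
deprecated_reverse_keys "$sample"
```

Pointing both functions at the sshd_config under /etc/ssh and the one under /usr/local/etc/ssh shows whether the file the running daemon reads is the one that was edited.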