Date: Tue, 21 Nov 2006 12:11:37 +0100 (CET)
From: Oliver Fromme <olli@lurza.secnetix.de>
To: freebsd-stable@FreeBSD.ORG, cristiano.deana@gmail.com
Subject: Re: sshd. "UseDNS no" ignored?
Message-ID: <200611211111.kALBBbv0057029@lurza.secnetix.de>
In-Reply-To: <d8a4930a0611210211q4920bfdkf7f0400c69df2689@mail.gmail.com>

Cristiano Deana wrote:
 > Am I wrong or the UseDNS directive is ignored?

"UseDNS no" only prevents sshd from performing a validation
of the client's reverse lookup. That is, if you connect
with a client whose hostname resolves to a different IP
address than the one with which it connects, the server
will reject it if UseDNS is "yes", but allow it if "no".

But "UseDNS no" does _not_ prevent the sshd server from
performing any DNS lookups at all. That's not the purpose
of that directive.

If you specify the -u0 option when starting sshd, it means
that it will not put hostnames into the utmp structure
(i.e. what you see when you type "w" at the shell prompt),
which means that sshd will not perform DNS lookups for that
purpose. _However_ there are still cases where a lookup
has to be performed when a user has "from=<hostname>"
entries in his authorized_keys file, or when authentication
methods or configuration directives are used that involve
hostnames.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"I invented Ctrl-Alt-Delete, but Bill Gates made it famous."
        -- David Bradley, original IBM PC design team
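
Added example, not part of the message above and not OpenSSH code: a Python check that lists the from= patterns in an authorized_keys file that are hostnames rather than addresses, which are the entries the message says still need a lookup. The function names and the sample file contents are constructed for illustration.

```python
import ipaddress
import re

FROM_RE = re.compile(r'(?:^|,)from="((?:[^"\\]|\\.)*)"', re.IGNORECASE)
KEY_TYPE_RE = re.compile(r'^(ssh-|ecdsa-|sk-)')

def leading_options(line):
    """Return the options field that precedes the key type, or '' if there is none."""
    in_quotes, i = False, 0
    while i < len(line):
        ch = line[i]
        if ch == '\\' and in_quotes:      # skip an escaped character inside quotes
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch in ' \t' and not in_quotes:
            break                          # first unquoted whitespace ends the field
        i += 1
    field = line[:i]
    return '' if KEY_TYPE_RE.match(field) else field

def is_address_pattern(pat):
    """True for IP literals, CIDR blocks and wildcard patterns built from address characters."""
    try:
        ipaddress.ip_network(pat, strict=False)
        return True
    except ValueError:
        pass
    if re.fullmatch(r'[0-9.*?]+', pat) and any(c.isdigit() for c in pat):
        return True                        # IPv4 with wildcards, e.g. 10.1.2.?
    return ':' in pat and re.fullmatch(r'[0-9a-fA-F:.*?]+', pat) is not None

def hostname_from_patterns(text):
    """Return (line number, pattern) for every from= pattern that is not an address."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        m = FROM_RE.search(leading_options(line))
        for pat in (m.group(1).split(',') if m else []):
            pat = pat.strip().lstrip('!')  # a leading '!' negates the pattern
            if pat and not is_address_pattern(pat):
                findings.append((lineno, pat))
    return findings

# Constructed sample; key material is a placeholder.
SAMPLE = '''# constructed authorized_keys sample
from="*.example.org,192.0.2.0/24" ssh-ed25519 AAAAC3placeholder alice@laptop
from="10.1.2.?,!2001:db8::1",no-pty ssh-rsa AAAAB3placeholder bob@build
ssh-ed25519 AAAAC3placeholder from="not.an.option" carol
command="/usr/bin/true",from="gw.example.net" ssh-ed25519 AAAAC3placeholder dave
'''
```

Anything that is not recognisably an address or address wildcard is reported as a hostname pattern, so a bare `*` is listed too.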