From: Oliver Fromme
To: freebsd-stable@FreeBSD.ORG, cristiano.deana@gmail.com
Date: Tue, 21 Nov 2006 12:11:37 +0100 (CET)
Subject: Re: sshd. "UseDNS no" ignored?
Message-Id: <200611211111.kALBBbv0057029@lurza.secnetix.de>

Cristiano Deana wrote:
> Am I wrong or the UseDNS directive is ignored?

"UseDNS no" only prevents sshd from performing a validation of the client's reverse lookup.
That is, if you connect with a client whose hostname resolves to a different IP address than the one with which it connects, the server will reject it if UseDNS is "yes", but allow it if "no".

But "UseDNS no" does _not_ prevent the sshd server from performing any DNS lookups at all. That's not the purpose of that directive.

If you specify the -u0 option when starting sshd, it means that it will not put hostnames into the utmp structure (i.e. what you see when you type "w" at the shell prompt), which means that sshd will not perform DNS lookups for that purpose.

_However_ there are still cases where a lookup has to be performed when a user has "from=" entries in his authorized_keys file, or when authentication methods or configuration directives are used that involve hostnames.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way.

"I invented Ctrl-Alt-Delete, but Bill Gates made it famous."
        -- David Bradley, original IBM PC design team
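
An added example, not part of the original message: a small audit that lists the "from=" patterns in an authorized_keys file that name hosts rather than addresses, the entries the reply above says still need a lookup. The function names and the sample file are constructed for illustration, and the code assumes key lines begin with a key type starting with ssh-, ecdsa- or sk-.

```python
import ipaddress
import re

def is_address_pattern(pat):
    """True if pat is an IP address, CIDR block or numeric wildcard, not a hostname."""
    pat = pat.lstrip("!")                      # "!" only negates the pattern
    try:
        ipaddress.ip_network(pat, strict=False)
        return True
    except ValueError:
        pass
    # Globs such as 10.0.* or fe80::* still contain nothing but address characters.
    glob = r"[0-9A-Fa-f:.*?]+" if ":" in pat else r"[0-9.*?]+"
    return re.fullmatch(glob, pat) is not None

def options_field(line):
    """Leading options field of an authorized_keys line ('' if it starts with the key type)."""
    if re.match(r"(ssh-|ecdsa-|sk-)", line):   # assumed key type prefixes
        return ""
    quoted = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            quoted = not quoted                # spaces inside quotes belong to the options
        elif ch in " \t" and not quoted:
            return line[:i]
    return line

def hostname_from_entries(authorized_keys_text):
    """Return (line_no, pattern) for every from= pattern that names a host, not an address."""
    hits = []
    for no, raw in enumerate(authorized_keys_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.search(r'(?:^|,)from="([^"]*)"', options_field(line))
        if m:
            hits += [(no, p) for p in m.group(1).split(",") if not is_address_pattern(p)]
    return hits

# Constructed sample file (keys truncated on purpose, hosts are placeholders).
SAMPLE = '''\
# constructed example
from="10.1.2.0/24,!10.1.2.99" ssh-rsa AAAAB3Nza... backup
from="*.example.org,192.0.2.7",no-pty ssh-rsa AAAAB3Nza... deploy
ssh-rsa AAAAB3Nza... from="not-an-option.example.net"
command="echo hi",from="build?.example.org" ssh-rsa AAAAB3Nza... ci
'''
if __name__ == "__main__":
    for no, pat in hostname_from_entries(SAMPLE):
        print(f"line {no}: from= pattern {pat!r} names a host")
```

Rewriting the reported patterns as addresses or CIDR blocks removes the dependency on name resolution for those keys.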