Date:      Fri, 14 Jul 2023 18:43:29 -0600
From:      Dennis <denradford@gmail.com>
To:        Aryeh Friedman <aryeh.friedman@gmail.com>, FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: OT: how to make a ssh/showmount usable with no internet
Message-ID:  <8a73674c-117f-7555-984b-0c3da925e1ea@gmail.com>
In-Reply-To: <CAGBxaXkmGvK5Ak6vNWUiXbU%2B2ArRYad83ma-CArPO9KEzcODFg@mail.gmail.com>
References:  <CAGBxaXkmGvK5Ak6vNWUiXbU%2B2ArRYad83ma-CArPO9KEzcODFg@mail.gmail.com>

On 7/14/2023 8:28 AM, Aryeh Friedman wrote:
> Due to some t-storms my internet is up and down like nuts today but
> the upshot is it seems that even local ssh requires a reverse DNS
> lookup and thus has a very long hang before connecting.   How can I
> prevent this behaviour
>
> Additional question: what additional steps do I need to make the
> system completely separable from the internet (I already ran into
> reverse DNS issues with showmount).   (I use NFS but not NIS for most
> stuff)

Regarding reverse DNS lookup causing long client connect times:

On the SSH server, edit /etc/ssh/sshd_config:
uncomment and modify the following directive

UseDNS no

Restart the sshd service.

sshd_config(5)

UseDNS Specifies whether sshd(8) should look up the remote host name,
and to check that the resolved host name for the remote IP address maps
back to the very same IP address. The default is “yes”.
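
The steps in the reply above, as an added shell example that is not part of the original message. The function names are hypothetical, the sample files in any test run are constructed, and the paths and `service sshd restart` assume FreeBSD's base sshd.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# Write a copy of sshd_config $1 to $2 with exactly one global "UseDNS no".
set_usedns_no() {
    awk '
        { l = tolower($0) }
        # Active or commented-out "UseDNS yes|no": rewrite the first, drop the rest.
        l ~ /^[ \t]*#?[ \t]*usedns[ \t=]+(yes|no)[ \t]*$/ {
            if (!done) { print "UseDNS no"; done = 1 }
            next
        }
        # UseDNS is a global-only keyword: if it has not been written when the
        # first Match block starts, it has to go in front of that block.
        l ~ /^[ \t]*match[ \t]/ && !done { print "UseDNS no"; done = 1 }
        { print }
        END { if (!done) print "UseDNS no" }
    ' "$1" > "$2"
}

# Print the first active UseDNS value in file $1 (sshd keeps the first value
# it reads for a keyword), or "unset" if the file leaves it at the default.
first_usedns() {
    awk '
        { line = tolower($0); gsub(/=/, " ", line); split(line, f, " ") }
        f[1] == "usedns" { print f[2]; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# On the server, as root: validate the candidate file before swapping it in,
# keep a backup, restart, then print the value sshd actually uses.
apply_usedns_no() {
    cfg=${1:-/etc/ssh/sshd_config}
    set_usedns_no "$cfg" "$cfg.new" &&
    /usr/sbin/sshd -t -f "$cfg.new" &&      # syntax check only, no restart yet
    cp -p "$cfg" "$cfg.bak" &&
    cat "$cfg.new" > "$cfg" && rm "$cfg.new" &&
    service sshd restart &&
    /usr/sbin/sshd -T | grep -i '^usedns'   # expect: usedns no
}
```

With `UseDNS no`, sshd_config(5) notes that only addresses, not host names, can be used in `from=` patterns in `~/.ssh/authorized_keys` and in `Match Host` directives, so review any host-name-based restrictions before applying it.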



