Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 06 Jan 2003 08:09:40 -0200
From:      "Daniel C. Sobral" <dcs@tcoip.com.br>
To:        ryan beasley <ryanb@goddamnbastard.org>, current@freebsd.org
Subject:   Re: sshd login
Message-ID:  <3E1955E4.8040205@tcoip.com.br>
In-Reply-To: <3E15917A.9090609@tcoip.com.br>
References:  <3E15917A.9090609@tcoip.com.br> <3E1596E1.7070504@tcoip.com.br> <20030103150108.GA62535@goddamnbastard.org> <3E15C061.8010609@tcoip.com.br> <20030105121908.GB311@goddamnbastard.org>
index | next in thread | previous in thread | raw e-mail 

ryan beasley wrote:

> On Fri, Jan 03, 2003 at 02:54:57PM -0200, Daniel C. Sobral wrote:
>
> >Alas, that *did* work. My first attempt (replying to another message)
> >was done with wrong permissions.
> >
> >Question... it did not have this trouble before Dec 13, but Dec 30 it
> >had (no worlds in between). The sshd_config I use is the standard one.
> >So... why?
>
>
>     Hm, no idea.  Did you possibly change anything that'd stop the kernel
>     from returning ICMP port unreachables to sshd, like packet 
> filtering on
>     lo0, or turning on blackhole(4), etc?  Those are the first things 
> that'd
>     come to mind explaining the sudden delays as the local lookup attempts
>     would've begun the instant you were using OpenSSH + privilege 
> separation
>     + chroot.

Now that you mention it... This does coincide with me noticing I hadn't 
brought over the rc.sysctl I use on the other firewalls, which includes 
blackhole(4).

Ok, mystery solved. Question, though... why is it querying the reverse 
if I specifically *told* it not to?

-- 
Daniel C. Sobral                   (8-DCS)
Gerencia de Operacoes
Divisao de Comunicacao de Dados
Coordenacao de Seguranca
TCO
Fones: 55-61-313-7654/Cel: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
         Daniel.Sobral@tcoip.com.br
         dcs@tcoip.com.br

Outros:
	dcs@newsguy.com
	dcs@freebsd.org
	capo@notorious.bsdconspiracy.net

Uh-oh -- WHY am I suddenly thinking of a VENERABLE religious leader
frolicking on a FORT LAUDERDALE weekend?


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E1955E4.8040205>