From: "Daniel C. Sobral"
To: ryan beasley, current@freebsd.org
Date: Mon, 06 Jan 2003 08:09:40 -0200
Subject: Re: sshd login
Message-ID: <3E1955E4.8040205@tcoip.com.br>

ryan beasley wrote:
> On Fri, Jan 03, 2003 at 02:54:57PM -0200, Daniel C. Sobral wrote:
>
> >Alas, that *did* work. My first attempt (replying to another message)
> >was done with wrong permissions.
> >
> >Question... it did not have this trouble before Dec 13, but Dec 30 it
> >had (no worlds in between). The sshd_config I use is the standard one.
> >So... why?
>
> Hm, no idea. Did you possibly change anything that'd stop the kernel
> from returning ICMP port unreachables to sshd, like packet filtering on
> lo0, or turning on blackhole(4), etc? Those are the first things that'd
> come to mind explaining the sudden delays as the local lookup attempts
> would've begun the instant you were using OpenSSH + privilege separation
> + chroot.

Now that you mention it... This does coincide with me noticing I hadn't
brought over the rc.sysctl I use on the other firewalls, which includes
blackhole(4).

Ok, mystery solved. Question, though... why is it querying the reverse
if I specifically *told* it not to?

-- 
Daniel C. Sobral (8-DCS)
Gerencia de Operacoes
Divisao de Comunicacao de Dados
Coordenacao de Seguranca
TCO
Phones: 55-61-313-7654/Cell: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
        Daniel.Sobral@tcoip.com.br
        dcs@tcoip.com.br

Others:
        dcs@newsguy.com
        dcs@freebsd.org
        capo@notorious.bsdconspiracy.net

Uh-oh -- WHY am I suddenly thinking of a VENERABLE religious leader
frolicking on a FORT LAUDERDALE weekend?