Date: Wed, 29 Nov 2006 14:43:41 +0200 (EET)
From: Dmitry Pryanishnikov
To: Stephen Montgomery-Smith
Cc: Cristiano Deana, FreeBSD Stable Mailing List
Subject: Re: sshd. "UseDNS no" ignored?
Message-ID: <20061129143330.T82233@atlantis.atlantis.dp.ua>
In-Reply-To: <4563126E.2060904@math.missouri.edu>
References: <4563126E.2060904@math.missouri.edu>

Hello!

On Tue, 21 Nov 2006, Stephen Montgomery-Smith wrote:

> I remember a discussion about this maybe a few years ago. I recall that it
> is basically impossible to stop ssh from looking up DNS addresses. The

I'm still wondering why OpenSSH is _so_ inferior to SSH.COM's ssh2 (which is also open-source)?
In the latter product the following line in /usr/local/etc/ssh2/sshd2_config:

    ResolveClientHostName no

_actually_ prevents DNS reverse lookups by the sshd2 (just checked it, my test machine has ssh2-nox11-3.2.9.1_5 installed from ports). It's not the only option which is present in ssh2 while absent in OpenSSH; a second very useful one is:

    AuthInteractiveFailureTimeout 10

which makes SSH-password-guessing robots give up after the first attempt ;)

Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail: dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE