Date: Mon, 07 Nov 2022 18:02:33 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 241917] blacklistd not accounting for failed sshd login attempts which failed reverse mapping checking
Message-ID: <bug-241917-227-cdtqjxn0oa@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-241917-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-241917-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241917

--- Comment #2 from Jose Luis Duran <jlduran@gmail.com> ---
FreeBSD's default sshd configuration has:

    UseDNS yes

It instructs sshd to look up the remote host name and check that the resolved
host name for the remote IP address maps back to the very same IP address.

In the meantime, a potential workaround could be to set:

    UseDNS no

which is the default setting upstream. However, only addresses and not host
names may be used in ~/.ssh/authorized_keys from and sshd_config Match Host
directives.

I will, eventually, test the possibility of adding a few

    BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "ssh");

to auth.c (especially under remote_hostname()).

-- 
You are receiving this mail because:
You are the assignee for the bug.
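
Until sshd reports these failures to blacklistd, they can at least be counted from the log. The following is an added example, not code from the bug report, FreeBSD or OpenSSH: it tallies reverse-mapping failures per source address. The two message wordings are assumed to match what remote_hostname() in auth.c logs, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumed wording of the messages sshd logs when the UseDNS check fails.
# The host name comes from DNS (remote-controlled), so both patterns are
# anchored to the sshd prefix and the end of the line.
PATTERNS = (
    # PTR name has no forward record
    re.compile(r"sshd\[\d+\]: reverse mapping checking getaddrinfo for .* "
               r"\[([^\]\s]+)\] failed\.?\s*$"),
    # PTR name resolves, but not back to the connecting address
    re.compile(r"sshd\[\d+\]: Address (\S+) maps to .*, but this does not "
               r"map back to the address\.?\s*$"),
)

def reverse_mapping_failures(lines):
    """Count UseDNS reverse-mapping failures per source address."""
    counts = Counter()
    for line in lines:
        for pat in PATTERNS:
            m = pat.search(line)
            if not m:
                continue
            try:
                addr = ipaddress.ip_address(m.group(1))
            except ValueError:
                break  # captured field is not an address: ignore the line
            counts[str(addr)] += 1
            break
    return counts

def over_threshold(counts, limit=3):
    """Addresses with at least `limit` failures, sorted for stable output."""
    return sorted(ip for ip, n in counts.items() if n >= limit)

# Constructed sample lines using documentation address ranges.
SAMPLE = [
    "Nov  7 17:58:01 host sshd[1201]: reverse mapping checking getaddrinfo for bad.example.net [203.0.113.7] failed.",
    "Nov  7 17:58:09 host sshd[1204]: Address 203.0.113.7 maps to other.example.net, but this does not map back to the address.",
    "Nov  7 17:58:15 host sshd[1207]: reverse mapping checking getaddrinfo for bad.example.net [203.0.113.7] failed.",
    "Nov  7 17:59:02 host sshd[1210]: reverse mapping checking getaddrinfo for x.example.org [198.51.100.9] failed.",
    "Nov  7 17:59:30 host sshd[1213]: Failed password for root from 192.0.2.5 port 50022 ssh2",
    "Nov  7 18:00:11 host sshd[1216]: Address 2001:db8::1 maps to v6.example.net, but this does not map back to the address.",
]

if __name__ == "__main__":
    counts = reverse_mapping_failures(SAMPLE)
    for ip in over_threshold(counts):
        print(ip, counts[ip])
```
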