Date: Mon, 07 Nov 2022 18:02:33 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 241917] blacklistd not accounting for failed sshd login attempts which failed reverse mapping checking Message-ID: <bug-241917-227-cdtqjxn0oa@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-241917-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241917 --- Comment #2 from Jose Luis Duran <jlduran@gmail.com> --- FreeBSD's default sshd configuration has: UseDNS yes It instructs sshd to look up the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address. In the meantime, a potential workaround, could be to set: UseDNS no which is the default setting upstream. However, only addresses and not host names may be used in ~/.ssh/authorized_keys from and sshd_config Match Host directives. I will, eventually, test the possibility of adding a few BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "ssh"); to auth.c (especially under remote_hostname()). -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-241917-227-cdtqjxn0oa>
