Date: Sat, 23 Apr 2005 12:01:33 -0400 (EDT) From: Devon Sean McCullough <FreeBSD-2005@Jovi.Net> To: Lucas Holt <luke@foolishgames.com> Cc: killing@BarrysWorld.com Subject: Re: sshd dieing? after applying FreeBSD-SA-03:12.openssh Message-ID: <200504231601.j3NG1XQP096947@grant.org> In-Reply-To: <8fed6f5a0d21fb3a660b0e511cfd3e07@foolishgames.com> (message from Lucas Holt on Sat, 23 Apr 2005 00:11:19 -0400) References: <200504192127.j3JLR9Oq055796@grant.org><20050420083114.X46699@eleanor.us1.wmi.uvac.net> <200504201248.j3KCmYH3071130@grant.org> <011901c545a9$e5ac6fc0$b3db87d4@multiplay.co.uk> <200504201335.j3KDZMZ4086059@grant.org> <8fed6f5a0d21fb3a660b0e511cfd3e07@foolishgames.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Date: Sat, 23 Apr 2005 00:11:19 -0400 From: Lucas Holt <luke@foolishgames.com> As I recall there is an option in the openssh config file in recent versions to disable DNS lookups. Thank you for pointing that out! FreeBSD-5.3 supports workaround # sshd -o UseDNS=no but older servers do not. An older workaround # echo hosts: files >> /etc/nsswitch.conf disables DNS on the entire server. I know /etc/host.conf controlled host lookups, now vanished with no trace. I guess /etc/hosts lacks reverse lookups. Peace --Devon /~\ \ / Health Care X not warfare / \ Dubya won the digital vote Kerry won the popular vote PS: Oh no, I exposed my real mailbox to spammers harvesting the FreeBSD lists, ugh, time for a new domain and a smarter mailer. Subject: Re: sshd dieing? after applying FreeBSD-SA-03:12.openssh Date: Sat, 23 Apr 2005 00:11:19 -0400 From: Lucas Holt <luke@foolishgames.com> In-Reply-To: <200504201335.j3KDZMZ4086059@grant.org> As I recall there is an option in the openssh config file in recent versions to disable DNS lookups. On Apr 20, 2005, at 9:35 AM, FreeBSD-2005@Jovi.Net wrote: > In the future, please do as I did and publish whatever solution you > find, > my answer was somewhat lame but worked for me and will help the next > guy. > To the SSH server /etc/hosts I added the client machine, now when it > gets > to debug1: got SSH2_MSG_SERVICE_ACCEPT it hangs for only 75 seconds. > > Peace > --Devon > > From: "Steven Hartland" <killing@multiplay.co.uk> > Cc: <security-advisories@freebsd.org>, <freebsd-hackers@freebsd.org>, > <FreeBSD-2005@Jovi.Net>, <killing@BarrysWorld.com> > Date: Wed, 20 Apr 2005 14:07:21 +0100 > > Sorry I don't remember the solution we came up with. It was a long time > ago. I think it was to do with DNS invalid / broken DNS or something > like that but I couldn't say for sure. > > Regards > Steve > ----- Original Message ----- > From: <FreeBSD-2005@Jovi.Net> >> >> This trouble hit me yesterday, 2005 Apr 19 Tue, Google led me to >> someone else with the exact same trouble. What use to ask the net >> if nobody publishes an ANSWER? A good netizen does the right thing. >> By citing the original question, I create a link to a possible answer. > > ================================================ > This e.mail is private and confidential between Multiplay (UK) Ltd. > and the person or entity to whom it is addressed. In the event of > misdirection, the recipient is prohibited from using, copying, > printing or otherwise disseminating it or any information contained in > it. > > In the event of misdirection, illegible or incomplete transmission > please telephone (023) 8024 3137 > or return the E.mail to postmaster@multiplay.co.uk. > > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to > "freebsd-hackers-unsubscribe@freebsd.org" > > Lucas Holt Luke@FoolishGames.com ________________________________________________________ FoolishGames.com (Jewel Fan Site) JustJournal.com (Free blogging) FoolishGames.net (Enemy Territory IoM site)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200504231601.j3NG1XQP096947>