From owner-freebsd-hackers@FreeBSD.ORG Sat Sep 6 18:55:11 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9352C16A4BF for ; Sat, 6 Sep 2003 18:55:11 -0700 (PDT) Received: from newsguy.com (smtp.newsguy.com [129.250.170.69]) by mx1.FreeBSD.org (Postfix) with ESMTP id 03A6144001 for ; Sat, 6 Sep 2003 18:55:11 -0700 (PDT) (envelope-from dcs@newsguy.com) Received: from newsguy.com (200-140-005-095.bsace7025.dsl.brasiltelecom.net.br [200.140.5.95]) by newsguy.com (8.9.1p2/8.9.1) with ESMTP id SAA01843; Sat, 6 Sep 2003 18:54:39 -0700 (PDT) Message-ID: <3F5A8FDB.3050507@newsguy.com> Date: Sat, 06 Sep 2003 22:54:35 -0300 From: "Daniel C. Sobral" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 X-Accept-Language: en,pt-BR,pt,en-GB,en-US,ja MIME-Version: 1.0 To: Bruce M Simpson References: <3F589E94.1080508@xwave.com> <20030905154646.GA59881@rot13.obsecurity.org> <20030906213428.GF29217@spc.org> In-Reply-To: <20030906213428.GF29217@spc.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-hackers@freebsd.org cc: Kris Kennaway Subject: Re: PUzzling sshd behaviour X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Sep 2003 01:55:11 -0000 Bruce M Simpson wrote: > On Fri, Sep 05, 2003 at 08:46:46AM -0700, Kris Kennaway wrote: > >>>Anyone else see this type of thing before? I did some research on the >>>lists but all I ever saw was a problem with reading resolv.conf. That's >>>not the case here, because it's definitely picking up the nameserver >>>from that file. >> >>The fact that sshd requires reverse IP resolution is well-known >>behaviour. It's probably the most common FAQ about sshd ("Why is my >>login taking 60 seconds to present the password prompt?"). > > > But what about: > > VerifyReverseMapping > Specifies whether sshd should try to verify the remote host name > and check that the resolved host name for the remote IP address > maps back to the very same IP address. The default is ``no''. > > ? AFAIK, that means the reverse mapping result will not be held against you. :-) -- Daniel C. Sobral (8-DCS) dcs@newsguy.com dcs@freebsd.org capo@west.side.of.bsdconspiracy.net Steele: "Aha! We've finally got you talking jargon too!" Stallman: "What did he say?" Steele: "Bob just used "canonical" in the canonical way."