From: lupe@lupe-christoph.de (Lupe Christoph)
Date: Mon, 17 Mar 2003 07:10:27 +0100
To: sysadmin@wvths.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: openssh 3.5 connection timeout
Message-ID: <20030317061027.GA27778@lupe-christoph.de>

On Sunday, 2003-03-16 at 22:26:19 -0500, sysadmin@wvths.com wrote:

> /etc/resolv.conf lists the valid DNS servers, which don't include
> 127.0.0.1 as I'm not running bind locally. The connection timeout
> disappears after starting named locally.

If there is no /etc/resolv.conf, the resolver falls back to 127.0.0.1.
I'd bet (if I did any betting ;-) you have UsePrivilegeSeparation yes
in your /etc/ssh/sshd_config. When /etc/resolv.conf is opened, sshd is
already chrooted.

Either set UsePrivilegeSeparation to no (not recommended), put a
/etc/resolv.conf in /var/empty (not too good), or set
ReverseMappingCheck to no (better). You may also want to run a local
caching named (best).

> Following Dag-Erling Smørgrav's advice on starting sshd in debugging mode,
> I don't get "debug1: res_init()". I'm currently using FreeBSD 4.7-p6 and
> openssh 3.5 built today(03/16). I'll upgrade to 4-STABLE today and post if
> anything changes ..

This is not a bug in OpenSSH, and has been discussed here before.

HTH,
Lupe Christoph
--
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be        |
| unsinkable. The designer had a speech impediment. He said: "I have     |
| thith great unthinkable conthept ..."                                  |
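
The diagnosis in the message above can be checked on a host with a small script. This is an added example, not part of the original message or of OpenSSH; the function names are hypothetical, the three paths are supplied by the caller, and the decision logic simply encodes the conditions as the message states them.

```shell
#!/bin/sh
# Usage: script.sh /etc/ssh/sshd_config /etc/resolv.conf /var/empty

# Print the value of sshd_config keyword $2 in file $1 (keywords are
# case-insensitive, first uncommented match wins), or $3 if it is not set.
sshd_option() {
    [ -r "$1" ] || { echo "$3"; return; }
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print how many "nameserver" lines file $1 has (0 if it cannot be read).
nameserver_count() {
    [ -r "$1" ] || { echo 0; return; }
    awk '$1 == "nameserver" { n++ } END { print n + 0 }' "$1"
}

# $1 = sshd_config, $2 = host resolv.conf, $3 = privsep chroot directory.
# Prints "ok: ..." or "fallback: ..." following the reasoning in the message:
# a resolver that finds no resolv.conf queries 127.0.0.1, and with privilege
# separation the file is looked up inside the chroot.
sshd_dns_verdict() {
    privsep=$(sshd_option "$1" UsePrivilegeSeparation unset)
    revmap=$(sshd_option "$1" ReverseMappingCheck unset)
    host_ns=$(nameserver_count "$2")
    jail_ns=$(nameserver_count "$3/etc/resolv.conf")
    if [ "$revmap" = no ]; then
        echo "ok: ReverseMappingCheck is no"
    elif [ "$privsep" = yes ] && [ "$jail_ns" -eq 0 ]; then
        echo "fallback: no usable resolv.conf under $3, lookups go to 127.0.0.1"
    elif [ "$host_ns" -eq 0 ]; then
        echo "fallback: $2 has no nameserver lines, lookups go to 127.0.0.1"
    else
        echo "ok: resolver can read $host_ns nameserver(s)"
    fi
}

if [ "$#" -eq 3 ]; then
    sshd_dns_verdict "$@"
fi
```

A "fallback" result only matters when nothing answers DNS on 127.0.0.1, which is why starting a local named made the timeout go away.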