SSH login takes very long time...sometimes
JoaoBR
joao at matik.com.br
Fri Dec 23 15:20:07 PST 2005
On Friday 23 December 2005 20:26, James Tanis wrote:
> What reason is that? A reverse-lookup is no longer really a valid way
> of filtering out the undesirable unless you're lucky enough to be
> dealing only with those who have the knowledge and ability to control
> those entries. Most residential IPs either have no reverse-lookup or
I guess you are wrong.

You can fake your IP and you can fake your hostname, but exactly for security
reasons, since we believe that being a network admin is not because of
luck but knowledge, and we also believe that this person has a certain
responsibility and so he will probably not set up false DNS reverse data.

So when I check the IP and hostname you send me, and when these do not match
the reverse info I get, I can suppose you do not have good intentions or you
do not have the knowledge to set your network up. Both cases may not be
welcome on my network and you get kicked out. As you see here, the decision
is the owner's, who can or cannot enter his home.

So reverse DNS is an absolutely valid check, which was never as important as
today, since each newborn already knows how to fake IPs.

And when your residential IP provider does not have a correct reverse DNS, get
yourself a more serious one.

Anyway, you are mixing things up, since you do not need a valid reverse DNS to
configure your sshd; the server admin can disable this lookup or use the
local host file - or you may like the "clever way" and forget to set or
delete your resolv.conf

João
More information about the freebsd-stable
mailing list
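
The check described in the message above (compare a client's IP and the hostname it presents against reverse DNS), as an added example that is not part of the original post: a forward-confirmed reverse DNS check in Python. The function names, the injectable resolver callables and the sample records (documentation address ranges and example.net names) are constructed for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver; empty list if none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def system_forward(name):
    """Addresses for name from the system resolver; empty list if none."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def norm(name):
    return name.rstrip(".").lower()

def check_reverse(ip, claimed=None, ptr=system_ptr, forward=system_forward):
    """Return 'no-ptr', 'forward-mismatch', 'claimed-mismatch' or 'ok'."""
    addr = ipaddress.ip_address(ip)
    names = [norm(n) for n in ptr(ip)]
    if not names:
        return "no-ptr"                      # no reverse record at all
    confirmed = []
    for name in names:
        for candidate in forward(name):
            try:
                if ipaddress.ip_address(candidate) == addr:
                    confirmed.append(name)   # PTR name resolves back to ip
                    break
            except ValueError:
                continue                     # unparsable address, skip it
    if not confirmed:
        return "forward-mismatch"            # PTR exists but is unconfirmed
    if claimed is not None and norm(claimed) not in confirmed:
        return "claimed-mismatch"            # presented name is not the PTR
    return "ok"

# Constructed sample records (not real DNS data).
PTR = {"192.0.2.10": ["mail.example.net."],
       "198.51.100.7": ["trusted.example.net"]}
FWD = {"mail.example.net": ["192.0.2.10"],
       "trusted.example.net": ["192.0.2.99"]}

def demo_ptr(ip):
    return PTR.get(ip, [])

def demo_forward(name):
    return FWD.get(name, [])
```

Calling `check_reverse(ip)` without the last two arguments uses the system resolver instead of the constructed tables.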