[Bug 241917] blacklistd not accounting for failed sshd login attempts which failed reverse mapping checking
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 07 Nov 2022 18:02:33 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241917 --- Comment #2 from Jose Luis Duran <email@example.com> --- FreeBSD's default sshd configuration has: UseDNS yes It instructs sshd to look up the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address. In the meantime, a potential workaround, could be to set: UseDNS no which is the default setting upstream. However, only addresses and not host names may be used in ~/.ssh/authorized_keys from and sshd_config Match Host directives. I will, eventually, test the possibility of adding a few BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "ssh"); to auth.c (especially under remote_hostname()). -- You are receiving this mail because: You are the assignee for the bug.