sshd doing dns queries on localhost?

G.P. de Boer g.p.de.boer at st.hanze.nl
Mon May 26 10:02:42 PDT 2003


On Mon, 2003-05-26 at 18:32, Fernando Schapachnik wrote:

<something about DNS lookups when SSH'ing>

This is becoming a FAQ. Current OpenSSH daemons implement a feature
called 'privilege separation', which splits the daemon in two: one part
running as root, the other as user 'sshd' (or whatever you define),
minimizing security threats. One disadvantage though: /etc/resolv.conf
is read AFTER chroot()ing to the directory '/var/empty' (talking about
OpenSSH in base). If resolv.conf can't be found there, sshd will look up
IPs via 127.0.0.1, generating those log_in_vain messages you see.

How to solve? Well.. copy /etc/resolv.conf to /var/empty/etc/. 

Regards, Pieter
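As an added example (not part of Pieter's post or of OpenSSH itself), the following POSIX shell functions check whether the privilege-separation chroot described above carries its own readable copy of resolv.conf, and copy it in from /etc/resolv.conf when it is missing or has drifted. The chroot path /var/empty and the source path /etc/resolv.conf are taken from the post; the function names, the optional argument handling and the exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original post. Verifies that the sshd
# privilege-separation chroot has its own copy of resolv.conf, so the
# unprivileged 'sshd' child does not fall back to resolving via 127.0.0.1.

# check_privsep_resolv [chroot_dir] [source_resolv]
# Returns 0 when the chroot copy exists and matches the source, 1 otherwise.
# Defaults (from the post): /var/empty and /etc/resolv.conf.
check_privsep_resolv() {
    chroot_dir="${1:-/var/empty}"
    src="${2:-/etc/resolv.conf}"
    dst="$chroot_dir/etc/resolv.conf"
    if [ ! -f "$dst" ]; then
        echo "missing: $dst (privsep child would query 127.0.0.1)"
        return 1
    fi
    if ! cmp -s "$src" "$dst"; then
        echo "stale: $dst differs from $src"
        return 1
    fi
    echo "ok: $dst matches $src"
    return 0
}

# sync_privsep_resolv [chroot_dir] [source_resolv]
# Copies the source resolv.conf into the chroot. The file is made
# world-readable (0644) because the child runs as the unprivileged 'sshd'
# user; the chroot directory itself is left as the system installed it.
sync_privsep_resolv() {
    chroot_dir="${1:-/var/empty}"
    src="${2:-/etc/resolv.conf}"
    mkdir -p "$chroot_dir/etc"
    cp "$src" "$chroot_dir/etc/resolv.conf"
    chmod 0644 "$chroot_dir/etc/resolv.conf"
}

# Run as `sh privsep_resolv.sh check` or `sh privsep_resolv.sh sync`
# (hypothetical file name). With no argument the functions are only
# defined, so the file can also be sourced.
case "${1:-}" in
    check) check_privsep_resolv ;;
    sync)  sync_privsep_resolv && check_privsep_resolv ;;
esac
```

Running `check` periodically (or after any change to /etc/resolv.conf) catches the case the post describes: a resolver change on the host that never reaches the chroot, so the copy in /var/empty silently goes stale.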




More information about the freebsd-security mailing list