Possible break-in attempt?
Grzegorz Junka
list1 at gjunka.com
Sat Jul 21 20:46:19 UTC 2018
On 21/07/2018 19:59, Miroslav Lachman wrote:
> Grzegorz Junka wrote on 2018/07/21 21:29:
>
> [...]
>
>>>>> There is no point to this foolishly alarming message. Be mindful
>>>>> of the OTHER ways you must surely have in place to keep your sshd
>>>>> hard against attack.
>>>>>
>>>> Good to know. But the documentation says setting to no prevents
>>>> from using DNS in known_hosts. When I look into my known_hosts I
>>>> see many dns-only names, e.g. github.com among others.
>>>>
>>>> GrzegorzJ
>>> In which man page or web page are you seeing this information?
>>
>> > man sshd_config
>>
>> UseDNS Specifies whether sshd(8) should look up the remote host name,
>> and to check that the resolved host name for the remote IP
>> address maps back to the very same IP address.
>>
>> If this option is set to “no”, then only addresses and not host
>> names may be used in ~/.ssh/known_hosts from and sshd_config
>> Match Host directives. The default is “yes”.
>
> What version of FreeBSD do you have?
> On FreeBSD 10.4 there is
>
> UseDNS Specifies whether sshd(8) should look up the remote host name,
> and to check that the resolved host name for the remote IP
> address maps back to the very same IP address.
>
> If this option is set to “no”, then only addresses and not host
> names may be used in ~/.ssh/authorized_keys from and sshd_config
> Match Host directives. The default is “yes”.
>
> And I don't think sshd_config should have any impact on client
> configuration (known_hosts). It is controlled by ssh_config.
It's from 11.1-RELEASE-p1. I would hope that 11.1p1 is more correct than
10.4?
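
The check that the quoted UseDNS text describes, as an added example that is not part of the original message and is not OpenSSH's code: a simplified model of the reverse-then-forward lookup and of its effect on host-name patterns. The DNS tables, host names and addresses are constructed, and the function names are hypothetical.

```python
import fnmatch

# Constructed DNS data (documentation address ranges, made-up names).
PTR = {
    "192.0.2.10": "build.example.org",      # forward and reverse agree
    "198.51.100.7": "trusted.example.org",  # PTR claims a name it does not own
}
A = {
    "build.example.org": ["192.0.2.10"],
    "trusted.example.org": ["203.0.113.5"],
}

def remote_name(ip, use_dns, ptr=PTR, a=A):
    """Return (name used for pattern matching, warning or None)."""
    if not use_dns:
        return ip, None                  # UseDNS no: only the address is known
    name = ptr.get(ip)
    if name is None:
        return ip, None                  # no PTR record: fall back to the address
    name = name.rstrip(".").lower()
    # The resolved name must map back to the very same IP address.
    if ip not in a.get(name, []):
        return ip, f"reverse mapping check for {name} [{ip}] failed"
    return name, None

def from_allows(pattern_list, ip, use_dns):
    """Model of a comma-separated host pattern list ('!' negates a pattern)."""
    name, _warning = remote_name(ip, use_dns)
    allowed = False
    for pat in pattern_list.lower().split(","):
        negated = pat.startswith("!")
        pat = pat.lstrip("!")
        if any(fnmatch.fnmatchcase(c, pat) for c in (name, ip)):
            if negated:
                return False             # a negated match always denies
            allowed = True
    return allowed

if __name__ == "__main__":
    for ip in PTR:
        for use_dns in (True, False):
            name, warning = remote_name(ip, use_dns)
            ok = from_allows("*.example.org", ip, use_dns)
            print(f"{ip} UseDNS={use_dns} name={name} allowed={ok} warning={warning}")
```

A host-name pattern matches only when the lookup is enabled and the forward and reverse records agree, while an address pattern such as `192.0.2.*` matches in either mode.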
More information about the freebsd-security
mailing list