sshd. "UseDNS no" ignored?

Oliver Fromme olli at
Tue Nov 21 03:12:08 PST 2006

Cristiano Deana wrote:
 > Am i wrong or the UseDNS directive is ignored?

"UseDNS no" only prevents sshd from performing a validation
of the client's reverse lookup.  That is, if you connect
with a client whose hostname resolves to a different IP
address than the one with which it connects, the server
will reject it if UseDNS is "yes", but allow it if "no".

But "UseDNS no" does _not_ prevent the sshd server from
performing any DNS lookups at all.  That's not the purpose
of that directive.

If you specify the -u0 option when starting sshd, it means
that it will not put hostnames into the utmp structure
(i.e. what you see when you type "w" at the shell prompt),
which means that sshd will not perform DNS lookups for that
purpose.  _However_ there are still cases where a lookup
has to be performed when a user has "from=<hostname>"
entries in his authorized_keys file, or when authentication
methods or configuration directives are used that involve

Best regards

Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD:
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"I invented Ctrl-Alt-Delete, but Bill Gates made it famous."
        -- David Bradley, original IBM PC design team

More information about the freebsd-stable mailing list