sshd. "UseDNS no" ignored?
Dmitry Pryanishnikov
dmitry at atlantis.dp.ua
Wed Nov 29 04:44:50 PST 2006
Hello!
On Tue, 21 Nov 2006, Stephen Montgomery-Smith wrote:
> I remember a discussion about this maybe a few years ago. I recall that it
> is basically impossible to stop ssh from looking up DNS addresses. The
I'm still wondering why OpenSSH is _so_ inferior to SSH.COM's ssh2
(which is also open-source)? In the later product the following line in
/usr/local/etc/ssh2/sshd2_config:
ResolveClientHostName no
_actually_ prevents DNS reverse lookups by the sshd2 (just checked it,
my test machine has ssh2-nox11-3.2.9.1_5 installed from ports). It's not
the only option which present in ssh2 while absent in OpenSSH, second
very useful one is:
AuthInteractiveFailureTimeout 10
which make SSH-password-guessing robots to give up after the first attempt ;)
Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail: dmitry at atlantis.dp.ua
nic-hdl: LYNX-RIPE
More information about the freebsd-stable
mailing list