Is it a feature or a configuration error with OpenSSH when
sshd refuses to answer, if you have DNS configured via
/etc/resolv.conf and /etc/nsswitch.conf but the nameservers
are not available (due to temporary firewalling glitch, for
example)?
Worst case the machine never gets past starting sshd during
boot, but usually you "just" can't reach the machine with ssh.
The OpenSSH in question is anything from ~2.9 to 3.5p1,
compiled with tcp_wrappers and sshd: ALL in hosts.allow (if
that matters). OS is Solaris 8, but I think we've had it in
Sol7 as well.
Some answers that turn up when browsing list archives
seem to discuss misconfigured reverse-dns combined with
all: PARANOID in hosts.deny but we haven't used the
paranoid stuff. Sometimes the DNS is just out of reach and
that's when things start going wrong.
Some simple solution for the problem we've haven't
noticed?
Hannu Liljemark wrote: [DNS problems]> Worst case the machine never gets past starting sshd during > boot, but usually you "just" can't reach the machine with ssh. > The OpenSSH in question is anything from ~2.9 to 3.5p1, > compiled with tcp_wrappers and sshd: ALL in hosts.allow (if > that matters). OS is Solaris 8, but I think we've had it in > Sol7 as well.Some of the commands in ssh_prng_cmds might rely on DNS (the arp command is a common offender) and thus hang. This will cause ssh-rand-helper to hang. It's supposed to time out but didn't always. See http://bugzilla.mindrot.org/show_bug.cgi?id=400> Some simple solution for the problem we've haven't > noticed?Try http://bugzilla.mindrot.org/attachment.cgi?id=156&action=view -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.