similar to: [Bug 720] "UseDNS no" breaks public key login

According to the manpage: UseDNS Specifies whether sshd should look up the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address. The default is ``yes''. Thing is, while sshd *checks*, this doesn't actually control whether or not the client is allowed to connect, it seems at most to be an option that causes

https://bugzilla.mindrot.org/show_bug.cgi?id=2405 Bug ID: 2405 Summary: Description of UseDNS option is not accurate Product: Portable OpenSSH Version: 6.8p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Documentation Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=2554 Bug ID: 2554 Summary: UseDNS documentation is misleading Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Documentation Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=1860 Summary: UseDNS option ignored Product: Portable OpenSSH Version: 5.6p1 Platform: All OS/Version: Other Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: pavel.krejci at

Hi, I am trying to configure OpenSSH to allow root logins, without success so far. So I could really use some advice. This is my server configuration: AllowUsers = thomas root AuthenticationMethods hostbased,publickey ExposeAuthInfo = no ForceCommand none GSSAPIAuthentication no HostbasedAcceptedAlgorithms ssh-ed25519 HostbasedAuthentication yes HostbasedUsesNameFromPacketOnly yes HostKey

https://bugzilla.mindrot.org/show_bug.cgi?id=1667 Summary: sshd slow connect with 'UseDNS yes' Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

Hi, I'm having a problem with ssh and sssd in a samba4 ad environment. If I logon a linux client everything works fine. When entering klist I'm able to see my ticket. When I try to connect/logon to another linux client with ssh it is possible, but klist shows: klist: Credentials cache file '/run/user/$UID$/krb5cc/tkt' not found. So the ticket cache is not created during

https://bugzilla.mindrot.org/show_bug.cgi?id=2545 Bug ID: 2545 Summary: reverse DNS lookups shouldn't block login Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

I'm attaching a simple doc patch against current CVS - feel free to re-word it as you see fit. I also noticed that if UseDNS is no, HostbasedUsesNameFromPacketOnly _must_ be yes if you want HostbasedAuthentication to work. -- Carson -------------- next part -------------- --- sshd_config.5.DIST 2003-09-13 02:25:18.365707000 -0400+++ sshd_config.5 2003-09-13 02:46:29.430974000 -0400@@

http://bugzilla.mindrot.org/show_bug.cgi?id=383 ------- Additional Comments From markus at openbsd.org 2002-08-23 07:46 ------- what does "rlogin set to false" mean? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=682 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Additional Comments From djm at mindrot.org 2004-03-30 16:15

https://bugzilla.mindrot.org/show_bug.cgi?id=1860 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WORKSFORME Status|NEW |RESOLVED --- Comment #6 from Damien Miller <djm at

Hi People, As part of securing SSH we currently have UseDNS set to yes. But we are finding that a number of ISP's are deliberately refusing to configure matching forward and reverse DNS records. So I am wondering how many of you are still using this option?

I use dyndns's (free) service to access a remote machine with a dynamic IP address. The machine is running under CentOS-6.0. I can ssh into the address given me by dyndns (*.homelinux.com), but when I do this I get the warning "reverse mapping checking getaddrinfo for" * "failed - POSSIBLE BREAK-IN ATTEMPT!" This doesn't really matter, as I normally use OpenVPN for

On 17/11/16 16:34, Digimer wrote: > Edit /etc/ssh/sshd_config > > Set: > > UseDNS no > GSSAPIAuthentication no > > Save, restart sshd, try again. This will certainly stop the long timeout, but I prefer telling people to fix their DNS. The long timeout is indicative of a DNS issue and turning off DNS for ssh is just masking the real problem. I prefer to leave DNS on

On Mon, 23 Oct 2023 at 00:43, Thomas K?ller <thomas at koeller.dyndns.org> wrote: > There is a nasty problem when using hostbased authentication: Suggestions: - "host" does DNS lookups, but is your system's nsswitch.conf or equivalent actually configured to use DNS? - have you turned off DNS lookups in sshd with "UseDNS no" in sshd_config? - you could try

Hi All, All of my systems are running 5.4 x64. The are all AMD x64 processors with at least 2gb of RAM in each. I am running SSH on a non standard port. When I SSH into ANY of my systems, I get prompted for my password right away, but after entering, it takes 30+ seconds to get logged in and get a prompt so I can work. I dont quite know what to look for here Does anyone have thoughts? -Jason

There is a nasty problem when using hostbased authentication: [thomas at sarkovy ~]$ journalctl -l -f | grep -Fe 'sshd[' Okt 22 15:20:54 sarkovy sshd[35034]: userauth_hostbased mismatch: client sends htpc.koeller.dyndns.org, but we resolve 192.168.0.2 to 192.168.0.2 Okt 22 15:20:54 sarkovy sshd[35034]: Connection closed by authenticating user thomas 192.168.0.2 port 36284 [preauth] ^C

Hello, I'm trying to set up an sftp (sshfs) service accessible to users with a normal account on a server, but which would be restricted to a subset of the directory hierarchy normally accessible to the users in question, in practice a single directory. The idea would be to allow file access to this directory with a passwordless public key, but keep rest of the users file accessible only with

Can I adjust the ssh daemon to log IP addresses instead of hostnames? I assume this situation is feasible... * 10.10.10.10 attempts to ssh to the server * reverse dns resolves to "somehost.domain.com" * ssh daemon logs "somehost.domain.com" in messages * foward dns on "somehost.domain.com" resolves to 10.10.10.20 Thus it causes some of my scripts a problem if the