On Tue, Nov 29 2016 10:47:10 +0100, Olaf Marzocchi wrote: > Dear all, > Since I upgraded to OpenSSH I have the following problem with DNS: > reverse mapping checking getaddrinfo for hostxxx.retail.telecomitalia.it > [_ip_] failed - POSSIBLE BREAK-IN ATTEMPT! > The remote SSH server has always been OenSSH, the issue appeared when the > client (OmniOS) got updated.
Strange - why would the server suddenly start caring about DNS checks if the client was updated? > I have no access to the DNS records. I already have a dynamic DNS configured, > but the reverse one is out of my reach. > > I found online possible solutions and I described the issue also here without > success: > http://superuser.com/questions/1149850/how-to-disable-the-message-reverse-mapping-checking-getaddrinfo-for-xxx-failed > > "UseDNS no" helped me to be able at least to connect, but still I cannot > disable the warning. Since I launch daily rsync backups via cron, I get > emails every morning without any real security issue (in my case). "UseDNS no" sshd option should indeed resolve this -- my reading of both the manual and code is that it prevents sshd from resolving client addresses. If you have console access to the server try 'sshd -T | grep usedns' to see if it actually is using the correct configuration file. I guess that the sshd you're using could also be doing something weird, but in stock 7.3p1 remote_hostname is only called from auth_get_canonical_hostname, which always seems to get options.use_dns from the caller. -- Lauri Tirkkonen | lotheac @ IRCnet _______________________________________________ OmniOS-discuss mailing list OmniOS-discuss@lists.omniti.com http://lists.omniti.com/mailman/listinfo/omnios-discuss
