> On Nov 29, 2016, at 6:50 AM, Lauri Tirkkonen <loth...@iki.fi> wrote: > > On Tue, Nov 29 2016 13:30:17 +0200, Lauri Tirkkonen wrote: >> On Tue, Nov 29 2016 10:47:10 +0100, Olaf Marzocchi wrote: >>> Dear all, >>> Since I upgraded to OpenSSH I have the following problem with DNS: >>> reverse mapping checking getaddrinfo for hostxxx.retail.telecomitalia.it >>> [_ip_] failed - POSSIBLE BREAK-IN ATTEMPT! > > Another interesting thing to note is that this particular log message > was changed in 7.3: > https://github.com/openssh/openssh-portable/commit/e690fe85750e93fca1fb7c7c8587d4130a4f7aba > > So it actually may be the *client* that is calling > get_canonical_hostname (which is strange, because only sshd should be > doing that). And so it is: > https://github.com/omniti-labs/omnios-build/blob/master/build/openssh/patches/0015-GSS-API-key-exchange-support.patch#L1652 > > The culprit is thus the GSSAPI patch (which I personally don't even > agree with, but oh well). I think the option you need to disable in the > client's ssh_config is GSSAPIKeyExchange.
That GSSAPI patch is there for people who needed it with SunSSH. If the patch is problematic, it should be fixed. The illumos community is a good place to discuss this, even if the patch isn't part of illumos per se. Dan _______________________________________________ OmniOS-discuss mailing list OmniOS-discuss@lists.omniti.com http://lists.omniti.com/mailman/listinfo/omnios-discuss