Etaoin Shrdlu wrote: > On Wednesday 28 November 2007, Dale wrote: > > >> Billy Holmes wrote: >> >>> that's what the REMOTE machine will do after you connect to it, but >>> before you get a prompt. This can (normally) be configured on an >>> application basis to not do it. >>> >> OK. I read most of it, what I could get a grip on anyway. Basically >> it looks to see if that IP address has a name too. Sort of silly but, >> whatever works I guess. >> > > It does not stop there. It's usually used to prevent spoofing. > > The complete process is more or less as follows: suppose you connect with > a spoofed IP address, then the remote end will do the reverse lookup to > find out your dns name, do a forward lookup with the name it just found, > and see if the resulting IP is the one you are connecting from. > > From man sshd_config: > > UseDNS Specifies whether sshd(8) should look up the remote host name > and check that the resolved host name for the remote IP address > maps back to the very same IP address. The default is ``yes''. >
I was sort of thinking about it helping with that. I just wasn't sure that would work like I was thinking. I suspected it may be a security thing. It seems that most things with Linux are security related anyway. That's pretty cool. Some geek got a great idea. o_O Now it makes good sense. I think it is pretty cool that it does that, even if it messed me up at first. Just wish this wouold have fixed the OP's problem. Thanks. Dale :-) :-) :-)
