On Sat, 24 Apr 2010, Robin Axelsson wrote:

>But the server doesn't have any DNS associated with it and I don't want 
>it to. I don't understand what to check. There used to be a UseDNS 
>parameter in the /etc/ssh/sshd_conf file but it seems to be removed in 
>the OpenSolaris version of ssh.

        SunSSH does not have a UseDNS keyword. We still use 
VerifyReverseMapping. That's "no" by default but the problem is that we 
inherited an old OpenSSH bug back when we forked, which causes the IP 
address to be resolved (not verified) even when 
VerifyReverseMapping is set to "no". The whole verification stuff is not 
optimal and that's why OpenSSH introduced UseDNS and abandoned 
VerifyReverseMapping.

        if you can resolve www.google.com that still doesn't mean you 
can successfully resolve 74.125.39.99. If that times out, that's the 
problem.

        there is a bug filed against SunSSH:

http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6593370

        the problem is that it's not as easy to fix as it might look 
since we cannot break the backward compatibility.

        the workaround doesn't have to be to have a reverse mapping for 
the client IP address but to set it up so that you get an immediate 
response from the system that there is no such reverse, without a 
delay.

        cheers, J.

-- 
Jan Pechanec
http://blogs.sun.com/janp
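
A way to check, on the SSH server itself, which of the cases described above a client address falls into (an added example, not part of the original message and not SunSSH code; the function name, the verdict labels and the 2-second budget are assumptions):

```python
import socket
import sys
import threading
import time


def classify_reverse_lookup(ip, resolver=socket.gethostbyaddr, budget=2.0):
    """Run resolver(ip) under a time budget and classify the outcome.

    Returns (verdict, elapsed_seconds, detail), verdict being one of:
      'resolved'       a reverse name came back within the budget
      'fast-negative'  the system answered "no such reverse" within the budget
      'slow'           no answer within the budget (the case that delays logins)
    The default resolver is the system one, so the result reflects the
    server's own name-service configuration.
    """
    result = {}

    def worker():
        try:
            result["name"] = resolver(ip)[0]
        except OSError as exc:  # socket.herror and socket.gaierror are OSErrors
            result["error"] = exc

    start = time.monotonic()
    # Daemon thread: a lookup that hangs must not keep the script alive.
    thread = threading.Thread(target=worker, daemon=True)
    thread.start()
    thread.join(budget)
    elapsed = time.monotonic() - start

    if thread.is_alive():
        return ("slow", elapsed, "no answer within %.1fs" % budget)
    if "name" in result:
        return ("resolved", elapsed, result["name"])
    return ("fast-negative", elapsed, str(result["error"]))


if __name__ == "__main__":
    # Usage: python3 revcheck.py <client-ip> [<client-ip> ...]
    for address in sys.argv[1:]:
        verdict, elapsed, detail = classify_reverse_lookup(address)
        print("%-15s %-13s %.2fs  %s" % (address, verdict, elapsed, detail))
```

A 'slow' verdict for the client's address is the timeout case; 'resolved' and 'fast-negative' both mean the lookup itself is not what delays the login.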