Ivorde Unix/Linux/Database/Web/Mail Forum



Firewalls, computer, server and network security, kernel and applications security of FreeBSD/Linux/AIX systems.


Author Message
debuser
  Post  Post subject: Ssh disable DNS reverse lookups  |  Posted: Thu Apr 01, 2010 6:03 pm

Joined: Thu Aug 06, 2009 9:48 am
Posts: 90

How to disable ssh daemon reverse IP lookups for clients.

By default, sshd will do a PTR lookup for the IP where a client connects from. If the DNS server fails to respond, sshd (or at least older versions) will hang for a long time and most clients will time out.

Detecting your ssh version:
Code:
~  ssh -V
OpenSSH_4.7p1 FreeBSD-openssh-portable-4.7.p1_1,1, OpenSSL 0.9.8g 19 Oct 2007



If your version is more recent (above 4), you can disable ssh reverse lookups by uncommenting or adding the following line to the sshd_config file:
Code:
UseDns no


Otherwise, if the ssh version is 3 (not the protocol, but the software version), uncomment the following line in the same file:
Code:
VerifyReverseMapping No


SSH daemon needs to be restarted so the changes can take effect.
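
An added example, not part of the original post: a shell audit of the setting described above. It reports the effective `UseDNS`/`VerifyReverseMapping` value in a config (sshd keywords are case-insensitive and the first value found is used) and lists `Match Host` patterns that are hostnames, which per sshd_config(5) only match when reverse lookups are enabled. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example. SAMPLE_CONFIG is a constructed sshd_config, not from the thread.
SAMPLE_CONFIG='# constructed sample
Port 22
#UseDNS yes
usedns no
UseDNS yes
Match Host *.example.org
    PasswordAuthentication no
Match Host 192.0.2.*
    X11Forwarding no
'

# Print the effective reverse-lookup setting from config text on stdin.
# Keywords are case-insensitive and the first value found wins. Parsing stops
# at the first Match line because UseDNS is a global option. Prints "unset"
# when neither keyword is present (the compiled-in default then applies).
effective_usedns() {
    awk '
        $1 ~ /^#/ { next }
        {
            key = tolower($1)
            if (key == "match") exit
            if (key == "usedns" || key == "verifyreversemapping") {
                print tolower($2); found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    '
}

# List Match Host patterns that are names rather than addresses. With reverse
# lookups disabled, sshd has only the client address to compare against.
hostname_match_patterns() {
    awk '
        tolower($1) == "match" {
            for (i = 2; i < NF; i++)
                if (tolower($i) == "host") {
                    n = split($(i + 1), pats, ",")
                    for (j = 1; j <= n; j++)
                        if (pats[j] ~ /[A-Za-z]/ && pats[j] !~ /:/) print pats[j]
                }
        }
    '
}

printf '%s' "$SAMPLE_CONFIG" | effective_usedns          # no
printf '%s' "$SAMPLE_CONFIG" | hostname_match_patterns   # *.example.org
```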


debuser
Post  Post subject: Re: Ssh disable DNS reverse lookups  |  Posted: Fri Apr 02, 2010 11:28 am

Joined: Thu Aug 06, 2009 9:48 am
Posts: 90

If there are still problems (slow password prompt when you ssh to the server), you can start sshd in debug mode:
Code:
# sshd -ddd

and attempt to ssh again.

Most probably, the delay will occur at the same time as:
Code:
...
Trying to reverse map address xx.xx.xx.xx


This means that there could be problems with the DNS servers. Commenting out everything in /etc/resolv.conf will solve the issue.


prabu
Post  Post subject: Re: Ssh disable DNS reverse lookups  |  Posted: Mon Feb 07, 2011 3:42 pm

Joined: Mon Feb 07, 2011 3:36 pm
Posts: 2

For the DNS reverse lookup,
just visit this site: http://dnstools.ivorde.ro
It has the best information on IP address, IP address to domain, domain name to IP, domain name, hosting, and a ping test to know whether the particular connection is online or not!!!!!

