In the /etc/ssh/sshd_config file, the default answer is yes; if this line is not present in the config file, add it:
UseDNS no
By default, this directive tells the sshd process to check whether the host name resolved from the connecting client's IP address maps back to that very same IP address. "no" tells it not to perform that check.
Older sshd daemons use:
VerifyReverseMapping no
However, this does not stop the sshd server from performing DNS lookups altogether; that's not the purpose of the directive. To remove DNS lookups completely, you have to use the -u0 option when starting the sshd server. So...
On RHEL, in /etc/sysconfig/sshd add:
OPTIONS="-u0"
On SLES boxes, in /etc/sysconfig/ssh add:
SSHD_OPTS="-u0"
On Ubuntu boxes, in /etc/default/ssh add:
SSHD_OPTS="-u0"
This option makes the sshd daemon not put hostnames into the utmp structure (what you see when you type "who" at the shell prompt), which means that sshd will not perform DNS lookups for that purpose. However (there's always a however), there are still cases where a lookup has to be performed, such as when a user has "from=" and similar entries in the authorized_keys file, or when authentication methods or configuration directives are used that involve hostnames. Keeping that in mind...
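As an added example (not from the original post), the shell functions below audit the three things discussed above: the UseDNS value in sshd_config, whether -u0 is passed in the distribution's options file, and which from= patterns in an authorized_keys file are host names rather than addresses. The function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit the settings it discusses.

# Print the UseDNS value set in an sshd_config file, or "unset" if absent.
# sshd keeps the first value it reads; keywords are case-insensitive.
usedns_setting() {
    awk 'tolower($1) == "usedns" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Succeed if the daemon options file passes -u0 via OPTIONS= or SSHD_OPTS=.
has_u0() {
    grep -E '^[[:space:]]*(OPTIONS|SSHD_OPTS)=' "$1" |
        grep -Eq -- '[ "=]-u ?0([ "]|$)'
}

# List from="..." patterns in an authorized_keys file that are host names
# (not IPv4/IPv6 addresses, CIDR ranges or bare wildcards).
hostname_from_patterns() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -io 'from="[^"]*"' |
        sed 's/^[^"]*"//; s/"$//' |
        tr ',' '\n' |
        sed 's/^!//' |
        grep -Ev '^[0-9.*?]+(/[0-9]+)?$|:' |
        LC_ALL=C sort -u
}

# Write constructed sample files into directory $1 (all values are made up).
make_samples() {
    printf '%s\n' '#UseDNS yes' 'Port 22' 'usedns no' > "$1/sshd_config"
    printf '%s\n' '# constructed' 'OPTIONS="-u0"' > "$1/sysconfig_sshd"
    printf '%s\n' \
        'from="192.0.2.0/24,*.corp.example" ssh-ed25519 AAAAEXAMPLE alice' \
        'no-pty,from="!gw.example.net,2001:db8::/32" ssh-ed25519 AAAAEXAMPLE bob' \
        '# from="old.example.org" ssh-ed25519 AAAAEXAMPLE disabled' \
        > "$1/authorized_keys"
}

# Usage: script sshd_config options_file authorized_keys
if [ "$#" -eq 3 ]; then
    echo "UseDNS: $(usedns_setting "$1")"
    if has_u0 "$2"; then echo "-u0: set"; else echo "-u0: not set"; fi
    echo "host-name from= patterns:"
    hostname_from_patterns "$3"
fi
```

Run it with the three file paths for your distribution, for example /etc/ssh/sshd_config, /etc/sysconfig/sshd and a user's authorized_keys file.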