In article <1164673268.074005.315100@n67g2000cwd.googlegroups.com>
"Nico" <nkadel@gmail.com> writes:
>
>David Kelly wrote:
>> Richard E. Silverman wrote:
>> > Did you try sshd -u0 ?
>>
>> Yes. No better.
>>
>> The only thing which worked was to define a local domain in named. I
>> didn't explore expansion of /etc/hosts as I felt a local caching name
>> server was something other machines on our inside network would benefit.
>>
>> In years past simply listing clients one wishes to connect from in
>> /etc/hosts was enough to pacify sshd on FreeBSD. As I said above, didn't
>> try that this time.
>
>I'm really startled that starting the daemon with "sshd -u0" didn't
>work for you: that hack has worked for quite some time. Of course,
>FreeBSD is its own support adventure, so it's conceivable something odd
>was introduced.
Well, there are some changes relative to the "standard" portable OpenSSH
in the version that is in the FreeBSD base system (likewise in some
Linux distributions, I would guess), but I don't think changing the
semantics of -u is among them. Most likely culprit is tcp_wrappers -
i.e. the FreeBSD version is built with the (standard OpenSSH) libwrap
support enabled (likewise in most Linux distributions, I would guess),
and libwrap is very fond of doing DNS lookups - maybe to the point of
doing them even if you don't have anything in hosts.allow/deny that
requires them.
--Per Hedeland
per@hedeland.org