Etaoin Shrdlu wrote:
> On Wednesday 28 November 2007, Dale wrote:
>
>> Billy Holmes wrote:
>>
>>> that's what the REMOTE machine will do after you connect to it, but
>>> before you get a prompt. This can (normally) be configured on an
>>> application basis to not do it.
>>>
>> OK. I read most of it, what I could get a grip on anyway. Basically
>> it looks to see if that IP address has a name too. Sort of silly but,
>> whatever works I guess.
>>
>
> It does not stop there. It's usually used to prevent spoofing.
>
> The complete process is more or less as follows: suppose you connect with
> a spoofed IP address, then the remote end will do the reverse lookup to
> find out your dns name, do a forward lookup with the name it just found,
> and see if the resulting IP is the one you are connecting from.
>
> From man sshd_config:
>
> UseDNS Specifies whether sshd(8) should look up the remote host name
> and check that the resolved host name for the remote IP address
> maps back to the very same IP address. The default is ``yes''.
>
|
I was sort of thinking about it helping with that. I just wasn't sure
that would work like I was thinking. I suspected it may be a security
thing. It seems that most things with Linux are security related
anyway. That's pretty cool. Some geek got a great idea. o_O

Now it makes good sense. I think it is pretty cool that it does that,
even if it messed me up at first. Just wish this would have fixed the
OP's problem.

Thanks.

Dale

:-) :-) :-)
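
The reverse-then-forward check described in the quoted reply, sketched in Python as an added example that is not part of the thread and not sshd's own code. The function names and the sample zone data (documentation address ranges, made-up host names) are constructed for illustration.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup via the system resolver; raises OSError if there is none."""
    return socket.gethostbyaddr(ip)[0]

def system_forward(name):
    """A/AAAA lookup via the system resolver; raises OSError on failure."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def fcrdns_check(ip, reverse=system_reverse, forward=system_forward):
    """Return (hostname, reason); hostname is None unless the name maps back to ip."""
    try:
        name = reverse(ip)                    # step 1: reverse lookup of the peer IP
    except OSError:
        return None, "no PTR record"
    try:
        addrs = forward(name)                 # step 2: forward lookup of that name
    except OSError:
        return None, f"{name} does not resolve"
    peer = ipaddress.ip_address(ip)
    if any(ipaddress.ip_address(a) == peer for a in addrs):  # step 3: compare
        return name, "verified"
    # Whoever controls the reverse zone can put any name in a PTR record,
    # so a name that does not map back must not be trusted or logged as verified.
    return None, f"{name} resolves to {sorted(addrs)}, not {ip}"

# Constructed sample zone data so the example runs offline.
PTR = {
    "192.0.2.10": "host.example.org",       # consistent in both directions
    "198.51.100.7": "trusted.example.org",  # PTR claims a name it does not own
    "203.0.113.5": "ghost.example.org",     # PTR name has no address record
}
A = {"host.example.org": {"192.0.2.10"}, "trusted.example.org": {"192.0.2.50"}}

def fake_reverse(ip):
    if ip not in PTR:
        raise OSError("no PTR")
    return PTR[ip]

def fake_forward(name):
    if name not in A:
        raise OSError("NXDOMAIN")
    return A[name]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "203.0.113.9"):
        print(ip, fcrdns_check(ip, fake_reverse, fake_forward))
```

Called with the default resolvers, `fcrdns_check` performs real lookups, which is also where the connection delay discussed in this thread comes from when the reverse zone is slow or unreachable.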