| 1 |
Etaoin Shrdlu wrote: |
| 2 |
> On Wednesday 28 November 2007, Dale wrote: |
| 3 |
> |
| 4 |
> |
| 5 |
>> Billy Holmes wrote: |
| 6 |
>> |
| 7 |
>>> that's what the REMOTE machine will do after you connect to it, but |
| 8 |
>>> before you get a prompt. This can (normally) be configured on an |
| 9 |
>>> application basis to not do it. |
| 10 |
>>> |
| 11 |
>> OK. I read most of it, what I could get a grip on anyway. Basically |
| 12 |
>> it looks to see if that IP address has a name too. Sort of silly but, |
| 13 |
>> whatever works I guess. |
| 14 |
>> |
| 15 |
> |
| 16 |
> It does not stop there. It's usually used to prevent spoofing. |
| 17 |
> |
| 18 |
> The complete process is more or less as follows: suppose you connect with |
| 19 |
> a spoofed IP address, then the remote end will do the reverse lookup to |
| 20 |
> find out your dns name, do a forward lookup with the name it just found, |
| 21 |
> and see if the resulting IP is the one you are connecting from. |
| 22 |
> |
| 23 |
> From man sshd_config: |
| 24 |
> |
| 25 |
> UseDNS Specifies whether sshd(8) should look up the remote host name |
| 26 |
> and check that the resolved host name for the remote IP address |
| 27 |
> maps back to the very same IP address. The default is ``yes''. |
| 28 |
> |
| 29 |
|
| 30 |
I was sort of thinking about it helping with that. I just wasn't sure |
| 31 |
that would work like I was thinking. I suspected it may be a security |
| 32 |
thing. It seems that most things with Linux are security related |
| 33 |
anyway. That's pretty cool. Some geek got a great idea. o_O |
| 34 |
|
| 35 |
Now it makes good sense. I think it is pretty cool that it does that, |
| 36 |
even if it messed me up at first. Just wish this wouold have fixed the |
| 37 |
OP's problem. |
| 38 |
|
| 39 |
Thanks. |
| 40 |
|
| 41 |
Dale |
| 42 |
|
| 43 |
:-) :-) :-) |
Archives