On 18 Jul 2018, at 22:25, Grzegorz Junka <li...@gjunka.com> wrote:
>
> I am interested what security precaution FreeBSD is trying to do here. Is the
> sshd server receiving an ssh login request from an IP, that can't be resolved
> back to a domain in the reverse DNS (PTR) record for that IP?

This is quite usual with some ISPs:

$ host 62.254.132.162
162.132.254.62.in-addr.arpa domain name pointer 162.132-254-62.static.virginmediabusiness.co.uk.
$ host 162.132-254-62.static.virginmediabusiness.co.uk
Host 162.132-254-62.static.virginmediabusiness.co.uk not found: 3(NXDOMAIN)

It's not a feature of FreeBSD, it's a feature of OpenSSH. From man sshd_config:

     UseDNS  Specifies whether sshd(8) should look up the remote host name,
             and to check that the resolved host name for the remote IP
             address maps back to the very same IP address.

             If this option is set to “no”, then only addresses and not host
             names may be used in ~/.ssh/known_hosts from and sshd_config
             Match Host directives. The default is “yes”.

Patrick
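
The check that the quoted UseDNS text describes (reverse lookup, then confirming that the name maps back to the same address), as an added Python sketch that is not part of the original message and is not OpenSSH's code. The function names, verdict strings and resolver tables are assumptions made for illustration; only the first table entry comes from the `host` output above.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup via the system resolver; None when no name exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """A/AAAA lookup via the system resolver; [] on NXDOMAIN or error."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def check_client(ip, ptr=system_ptr, forward=system_forward):
    """Return (verdict, name); name is set only if it maps back to ip."""
    addr = ipaddress.ip_address(ip)
    name = ptr(ip)
    if not name:
        return ("no-ptr", None)
    name = name.rstrip(".").lower()
    try:
        ipaddress.ip_address(name)       # PTR that is itself an address
        return ("ptr-is-address", None)  # says nothing about the client
    except ValueError:
        pass
    addrs = forward(name)
    if not addrs:
        return ("forward-missing", None)
    if any(ipaddress.ip_address(a.split("%")[0]) == addr for a in addrs):
        return ("confirmed", name)
    return ("mismatch", None)

# Constructed data (runs offline); first entry is the `host` output above.
PTR = {
    "62.254.132.162": "162.132-254-62.static.virginmediabusiness.co.uk.",
    "192.0.2.10": "good.example.net.",
    "192.0.2.20": "trusted.example.net.",     # PTR is set by the IP owner
}
FWD = {
    "good.example.net": ["192.0.2.10"],
    "trusted.example.net": ["198.51.100.7"],  # the real host is elsewhere
}

def demo():
    return {ip: check_client(ip, PTR.get, lambda n: FWD.get(n, []))
            for ip in [*PTR, "203.0.113.5"]}
```

Only a "confirmed" verdict yields a host name that is safe to match against; in every other case the caller should fall back to the bare address, since the PTR record is controlled by whoever owns the reverse zone for the client's IP. Calling `check_client(ip)` without the stub arguments uses the system resolver.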