Hello!
On Tue, 21 Nov 2006, Stephen Montgomery-Smith wrote:
I remember a discussion about this maybe a few years ago. I recall that it
is basically impossible to stop ssh from looking up DNS addresses. The
I'm still wondering why OpenSSH is _so_ inferior to SSH.COM's ssh2
(which is also open-source)? In the later product the following line in
/usr/local/etc/ssh2/sshd2_config:
ResolveClientHostName no
_actually_ prevents DNS reverse lookups by the sshd2 (just checked it,
my test machine has ssh2-nox11-3.2.9.1_5 installed from ports). It's not
the only option which present in ssh2 while absent in OpenSSH, second
very useful one is:
AuthInteractiveFailureTimeout 10
which make SSH-password-guessing robots to give up after the first attempt ;)
Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail: [EMAIL PROTECTED]
nic-hdl: LYNX-RIPE
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
