Check /etc/pam.d/sshd and see what's being loaded. Then, look for the documentation on each of the PAM modules, and you should (if it's properly documented, which almost all PAM modules seem to be) be able to figure out which is doing the name check.
You haven't stated why you're averse to this check, though.

The alternative is that sshd is not spawned by itself, but rather through inetd or xinetd. If that is the case, then tcpwrappers may be involved. You would need to look at your system's setup to identify how sshd is invoked, and if it constantly stays around as a daemon process.

I'm surprised you haven't noticed a reverse connection back to port 113 (ident).

In any case, once again, this is not the correct list to be asking about this issue on. Find the sshd users mailing list, and ask there.

-Kyle H

On Thu, Apr 29, 2010 at 8:02 AM, barx <barx...@hotmail.com> wrote:
>
>
> wolfoftheair wrote:
>>
>> The question that I'd ask, though, is "do you know which component
>> would do it? Is it perhaps a PAM in your system that is queried by
>> the sshd to perform host-based blocking?"
>>
>
> I don't know which component do it exactly. Is there a way other than strace
> to know it ?
>
> thanks
> --
> View this message in context:
> http://old.nabble.com/Why-sshd-makes-a-PTR-dns-request-after-receiving-user%27s-name---tp28391111p28401776.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-us...@openssl.org
> Automated List Manager majord...@openssl.org
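
An added example, not part of the original thread: one way to "see what's being loaded" by /etc/pam.d/sshd without strace is to walk the stack and list every module it references, following include, substack and Debian-style @include lines. The function names and the sample stack are constructed for illustration; the module list it prints is only the starting point for reading each module's documentation.

```shell
#!/bin/sh
# Added example: list every PAM module a service stack loads, following
# "include", "substack" and Debian-style "@include" lines.
# usage: pam_modules SERVICE [PAM_DIR]   (PAM_DIR defaults to /etc/pam.d)
pam_modules() {
    awk -v start="$1" -v dir="${2:-/etc/pam.d}" '
    BEGIN {
        queue[1] = start; qn = 1
        for (qi = 1; qi <= qn; qi++) {
            name = queue[qi]
            if (name in seen) continue            # guard against include loops
            seen[name] = 1
            path = (name ~ /^\//) ? name : dir "/" name
            while ((getline line < path) > 0) {
                sub(/#.*/, "", line)              # strip comments
                n = split(line, f, " ")
                if (n >= 2 && f[1] == "@include") { queue[++qn] = f[2]; continue }
                if (n < 3) continue
                if (f[2] == "include" || f[2] == "substack") { queue[++qn] = f[3]; continue }
                i = 2                             # control field; may be "[a=b c=d]"
                if (f[2] ~ /^\[/) while (i < n && f[i] !~ /\]$/) i++
                if (++i <= n) print f[i]          # module path follows the control
            }
            close(path)
        }
    }' | sort -u
}

# Constructed sample stack (not from the thread) so the function runs offline.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '@include common-auth' \
        'account required pam_nologin.so' \
        'account required pam_access.so   # constructed entry' \
        'session include common-session' \
        'session [success=ok ignore=ignore default=bad] pam_selinux.so close' > "$d/sshd"
    printf '%s\n' 'auth [success=1 default=ignore] pam_unix.so nullok' \
        'auth requisite pam_deny.so' \
        '@include sshd' > "$d/common-auth"
    printf '%s\n' 'session required pam_unix.so' \
        '-session optional pam_systemd.so' > "$d/common-session"
    echo "$d"
}

sample=$(make_sample) && pam_modules sshd "$sample"
rm -rf "$sample"
```

On a real host, run `pam_modules sshd` with no second argument to read /etc/pam.d directly.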