[OmniOS-discuss] OpenSSH and reverse DNS

Lauri Tirkkonen lotheac at iki.fi
Tue Nov 29 11:50:56 UTC 2016


On Tue, Nov 29 2016 13:30:17 +0200, Lauri Tirkkonen wrote:
> On Tue, Nov 29 2016 10:47:10 +0100, Olaf Marzocchi wrote:
> > Dear all,
> > Since I upgraded to OpenSSH I have the following problem with DNS:
> > reverse mapping checking getaddrinfo for hostxxx.retail.telecomitalia.it [_ip_] failed - POSSIBLE BREAK-IN ATTEMPT!

Another interesting thing to note is that this particular log message
was changed in 7.3:
https://github.com/openssh/openssh-portable/commit/e690fe85750e93fca1fb7c7c8587d4130a4f7aba

So it actually may be the *client* that is calling
get_canonical_hostname (which is strange, because only sshd should be
doing that). And so it is:
https://github.com/omniti-labs/omnios-build/blob/master/build/openssh/patches/0015-GSS-API-key-exchange-support.patch#L1652

The culprit is thus the GSSAPI patch (which I personally don't even
agree with, but oh well). I think the option you need to disable in the
client's ssh_config is GSSAPIKeyExchange.

-- 
Lauri Tirkkonen | lotheac @ IRCnet

