[openssh-commits] [openssh] 03/04: Only set PAM_RHOST if the remote host is not "UNKNOWN"

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Oct 7 20:33:15 AEDT 2025


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch V_10_1
in repository openssh.

commit acb690b499e0ec2ce37869c26133615762f53cab
Author: Daan De Meyer <daan.j.demeyer at gmail.com>
AuthorDate: Mon Mar 20 20:22:14 2023 +0100

    Only set PAM_RHOST if the remote host is not "UNKNOWN"
    
    When using sshd's -i option with stdio that is not an AF_INET/AF_INET6
    socket, auth_get_canonical_hostname() returns "UNKNOWN" which is then
    set as the value of PAM_RHOST, causing pam to try to do a reverse DNS
    query of "UNKNOWN", which times out multiple times, causing a
    substantial slowdown when logging in.
    
    To fix this, let's only set PAM_RHOST if the hostname is not "UNKNOWN".
---
 auth-pam.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/auth-pam.c b/auth-pam.c
index 5dee7601b..5591f094e 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -758,7 +758,7 @@ sshpam_init(struct ssh *ssh, Authctxt *authctxt)
 		sshpam_laddr = get_local_ipaddr(
 		    ssh_packet_get_connection_in(ssh));
 	}
-	if (sshpam_rhost != NULL) {
+	if (sshpam_rhost != NULL && strcmp(sshpam_rhost, "UNKNOWN") != 0) {
 		debug("PAM: setting PAM_RHOST to \"%s\"", sshpam_rhost);
 		sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST,
 		    sshpam_rhost);
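
Review bot: The added condition `strcmp(sshpam_rhost, "UNKNOWN") != 0` compares against a bare string literal with no comment explaining where that value comes from. The commit message says it is what auth_get_canonical_hostname() returns for a non-AF_INET/AF_INET6 stdio, so a one-line comment above the `if` saying so would keep the two from drifting apart unnoticed. The skip is also silent: when the host is "UNKNOWN" the `debug("PAM: setting PAM_RHOST ...")` line no longer runs and nothing is logged in its place, so an `else` branch with a debug message stating that PAM_RHOST was left unset would help anyone troubleshooting a PAM stack that expects the item. It is also worth noting in that comment that PAM modules now see no PAM_RHOST at all in this case, rather than the string "UNKNOWN", since modules that key decisions or log entries on the remote host will behave differently.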
