getnameinfo(), PrivSep, FreeBSD 4.1.1
Gert Doering
gert at greenie.muc.de
Tue Jun 25 23:21:05 EST 2002
Hi,

I spent the last couple of hours scratching my head about a problem on
FreeBSD 4.1.1 with OpenSSH 3.3p1.

Without privsep:

debug1: Trying rhosts with RSA host authentication for client user gert
debug3: Trying to reverse map address 195.30.1.100.
debug1: Rhosts RSA authentication: canonical host moebius2.space.net
debug2: auth_rhosts2: clientuser gert hostname moebius2.space.net ipaddr 195.30.1.100

With privsep:

debug3: mm_auth_password: user not authenticated
debug3: mm_request_receive entering
debug1: Trying rhosts with RSA host authentication for client user gert
debug3: Trying to reverse map address 195.30.1.100.
<long pause>
Could not reverse map address 195.30.1.100.
debug1: Rhosts RSA authentication: canonical host 195.30.1.100
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20

This happens both with the library getnameinfo() and with the
openbsd-compat/fake-getnameinfo one. It happens only for ssh-1 connections
and only if RhostsRSAAuthentication is enabled (which I currently can't
completely get rid of).

On more recent FreeBSD systems [4.4 and up], PrivSep works just fine, no
weird hangs due to reverse DNS failing.

Any ideas what could be causing this? Why is this lookup needed at all?
(RhostsAuthentication is off, RhostsRSAAuthentication doesn't use the
IP->Hostname relation for the .*hosts lookup anyway)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de