getnameinfo(), PrivSep, FreeBSD 4.1.1

Gert Doering gert at greenie.muc.de
Tue Jun 25 23:21:05 EST 2002


Hi,

I spent the last couple of hours scratching my head about a problem on
FreeBSD 4.1.1 with OpenSSH 3.3p1.

Without privsep:

debug1: Trying rhosts with RSA host authentication for client user gert
debug3: Trying to reverse map address 195.30.1.100.
debug1: Rhosts RSA authentication: canonical host moebius2.space.net
debug2: auth_rhosts2: clientuser gert hostname moebius2.space.net ipaddr 195.30.1.100

With privsep:

debug3: mm_auth_password: user not authenticated
debug3: mm_request_receive entering
debug1: Trying rhosts with RSA host authentication for client user gert
debug3: Trying to reverse map address 195.30.1.100.
<long pause>
Could not reverse map address 195.30.1.100.
debug1: Rhosts RSA authentication: canonical host 195.30.1.100
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20

This happens both with the library getnameinfo() and with the 
openbsd-compat/fake-getnameinfo one.  It happens only for ssh-1 connections 
and only if RhostsRSAAuthentication is enabled (which I currently can't 
completely get rid of).

On more recent FreeBSD systems [4.4 and up], PrivSep works just fine, no
weird hangs due to reverse DNS failing.

Any ideas what could be causing this?  Why is this lookup needed at all?
(RhostsAuthentication is off, RhostsRSAAuthentication doesn't use the
IP->Hostname relation for the .*hosts lookup anyway)

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert.doering at physik.tu-muenchen.de



More information about the openssh-unix-dev mailing list