[Bug 549] Login Delay / Remove unwanted reverse map check

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun May 11 08:09:39 EST 2003


------- Additional Comments From devin.nate at bridgecomm.net  2003-05-11 08:09 -------
Hey Ben;

I'm pretty sure that this is a universial issue. Basically it boils down to the
fact that neither -u0 nor any other configuration paramater will stop the block
of code I first wrote about (in particular, getnameinfo(... NI_NAMERAQD) in
canohost.c) from executing. sshd will always resolve an ip address to host name
if it can (i.e. if DNS succeeds) - you cannot stop it. You can stop it from
using that information, but you can't stop it from inquiring about it.

To your point about bad resolver behavior, I suppose it may or may not be.
However, regardless of what you do, sshd WILL try to use the resolver. And the
DNS system does leave potential for delays due to resolution, which may fail at
the end. It happens. I'm trying to get some sort of configuration option telling
sshd NOT to do that getnameinfo() call built into OpenSSH.

Which brings me to the next question: I cannot commit changes to the OpenSSH
code myself - how does that process work? Darren, you seem extremely active in
the OpenSSH community. Is the current patch good enough.. should I be
writing/submitting a patch to make a new sshd_config option.. what's the status
of this?


------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-unix-dev mailing list