AllowUsers not working under certain conditions

Peter Stuge stuge-openssh-unix-dev at cdy.org
Fri Nov 18 05:55:13 EST 2005


On Thu, Nov 17, 2005 at 12:50:53PM -0000, Donald Fraser wrote:
> The user donald can connect from the local sub-net specified IP
> address but cannot connect from an external domain that matches the
> pattern *mydomain.com. The only way I can get the user donald to
> connect on the external domain is by putting the exact IP address
> in the AllowUsers option, which is not particularly useful as it is
> a dynamically changing IP address.

Does the PTR record for the IP address change along with the
A record for the name? I assume sshd does a reverse-lookup of the
IP-adress, otherwise it would be completely trivial to bypass the
check.


//Peter




More information about the openssh-unix-dev mailing list