Project

General

Profile

Bug #4877

sshd never resolves client name in default configuration

Added by Brian De Wolf about 6 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Start date:
2014-05-21
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

In the default configuration, LookupClientHostnames is "yes" and VerifyReverseMapping is "no". However, if VerifyReverseMapping is set to "no" sshd does not do any reverse lookups, regardless of the value of LookupClientHostnames.

It looks like #1848 might have caused this issue by making VerifyReverseMapping control whether or not the lookup occurs, rather than LookupClientHostnames.

History

#1

Updated by Andy Fiddaman about 5 years ago

I've hit the same issue when migrating from Solaris 10 to OmniOS.
I think the fix for #1848 should be backed out.

Reverse lookups are controlled by LookupClientHostnames and that option works as documented.

However, even with 'LookupClientHostnames off' it is possible that sshd will perform reverse lookups if required by the selected authentication/a/a framework. For example, if it finds a from= token in authorized_keys. This isn't a bug.

#2

Updated by Yuri Pankov about 3 years ago

  • Status changed from New to Closed

sunssh is no more.

Also available in: Atom PDF