Bug #4877
closed
sshd never resolves client name in default configuration
0%
Description
In the default configuration, LookupClientHostnames is "yes" and VerifyReverseMapping is "no". However, if VerifyReverseMapping is set to "no" sshd does not do any reverse lookups, regardless of the value of LookupClientHostnames.
It looks like #1848 might have caused this issue by making VerifyReverseMapping control whether or not the lookup occurs, rather than LookupClientHostnames.
Updated by Andy Fiddaman about 7 years ago
I've hit the same issue when migrating from Solaris 10 to OmniOS.
I think the fix for #1848 should be backed out.
Reverse lookups are controlled by LookupClientHostnames and that option works as documented.
However, even with 'LookupClientHostnames off' it is possible that sshd will perform reverse lookups if required by the selected authentication/a/a framework. For example, if it finds a from= token in authorized_keys. This isn't a bug.
Updated by