Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

It is currently Fri Dec 01, 2023 2:42 pm

Message body:
Enter your message here, it may contain no more than 60000 characters. 

:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:
Font size:
Font colour
BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON
Disable BBCode
Disable smilies
Do not automatically parse URLs
Confirmation code
Confirmation code:
In an effort to prevent automatic submissions, we require that you enter both of the words displayed into the text field underneath.

Topic review - Ssh disable DNS reverse lookups
Author Message
Post subject: Re: Ssh disable DNS reverse lookups  |  Post Posted: Wed Mar 04, 2015 5:33 am
Guest wrote:
I love how the ads on this site go over the code so you cant read it

Fixed. Great feedback though.
Post subject: Re: Ssh disable DNS reverse lookups  |  Post Posted: Tue Mar 03, 2015 7:28 pm
I love how the ads on this site go over the code so you cant read it
Post subject: Re: Ssh disable DNS reverse lookups  |  Post Posted: Mon Feb 07, 2011 8:42 am
For the DNS reverse lookup,
Just visit this site - DISCONTINUED
It has the best information of IP address, IP address to domain, domain name to IP,domain name, hosting, and ping test to know the particular connection is online or not!!!!!
Post subject: Re: Ssh disable DNS reverse lookups  |  Post Posted: Fri Apr 02, 2010 4:28 am
If there are still problems (slow password prompt when ssh to the server), you can start sshd in debug mode:
# sshd -ddd

and attempt to ssh again.

Most probably, the delay will be in the same time with:
Trying to reverse map address xx.xx.xx.xx

This means that there could be problems with the dns servers. Commenting out everything in /etc/resolv.conf will solve the issue.
Post subject: Ssh disable DNS reverse lookups  |  Post Posted: Thu Apr 01, 2010 11:03 am
How to disable ssh daemon reverse lookups for clients IP addresses.

What are IP reverse lookups

It is the DNS PTR (Pointer) query that maps an IP address to a fully qualified domain name or hostname. IP reverse lookups can be manually resolved with dig or nslookup commands:
# dig -x +short

SSH reverse lookups

According to man sshd_config SSH daemon will do a reverse lookup of incoming connection source IP and then it will do another lookup of the returned FQDN.
UseDNS Specifies whether sshd(8) should look up the remote host name and
check that the resolved host name for the remote IP address maps
back to the very same IP address. The default is ``yes''.

As in the example above, let's say google IP connects to a ssh server with reverse dns lookups enabled, the SSH daemon will check PTR record of the IP address and then will do an A lookup for the returned hostname. Let's see this in TCPDUMP:
12:08:52.791163 IP > Flags [S], seq 1362762187, win 65535, options [mss 1360,nop,wscale 6,sackOK,TS val 1799736819 ecr 0], length 0
12:08:53.307320 IP > 58113+ PTR? (40)
12:08:54.515019 IP > 58113 1/2/0 PTR (106)
12:08:54.515701 IP > 22066+ A? (34)
12:08:54.520213 IP > 22066 1/2/2 A (118)

If the DNS server fails to respond, sshd (or at least older versions) will hang for a long time and most clients will timeout.

Detecting your ssh version:
~  ssh -V
OpenSSH_4.7p1 FreeBSD-openssh-portable-4.7.p1_1,1, OpenSSL 0.9.8g 19 Oct 2007

SSH disable reverse lookups for IP and hostname

If your version is more recent (above4), you can disable ssh reverse lookups by uncommending or adding the following line to sshd_config file:
UseDns no

Otherwise, if the remote system is running ssh daemon version is 3 (not the protocol, but software version), uncoment the following line in the same sshd_config file:
VerifyReverseMapping No

SSH daemon needs to be restarted so the changes can take effect.
Jump to:  
cronNews News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list

Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]