How to disable ssh daemon reverse lookups for clients' IP addresses.
What are IP reverse lookups
It is the DNS PTR (Pointer) query that maps an IP address to a fully qualified domain name or hostname. IP reverse lookups can be resolved manually with the dig or nslookup commands:
Code:
# dig -x 8.8.8.8 +short
google-public-dns-a.google.com.
SSH reverse lookups
According to man sshd_config, the SSH daemon will do a reverse lookup of the incoming connection's source IP and then another (forward) lookup of the returned FQDN.
Quote:
UseDNS Specifies whether sshd(8) should look up the remote host name and
check that the resolved host name for the remote IP address maps
back to the very same IP address. The default is ``yes''.
As in the example above, let's say the Google IP 8.8.8.8 connects to an SSH server with reverse DNS lookups enabled: the SSH daemon will check the PTR record of the 8.8.8.8 IP address and then do an A lookup for the returned hostname. Let's see this in tcpdump (in this capture the client is 192.168.1.100, the SSH server 10.1.1.1 and the DNS server 172.17.82.2):
Code:
12:08:52.791163 IP 192.168.1.100.11535 > 10.1.1.1.22: Flags [S], seq 1362762187, win 65535, options [mss 1360,nop,wscale 6,sackOK,TS val 1799736819 ecr 0], length 0
12:08:53.307320 IP 10.1.1.1.54181 > 172.17.82.2.53: 58113+ PTR? 100.1.168.192.in-addr.arpa. (40)
12:08:54.515019 IP 172.17.82.2.53 > 10.1.1.1.54181: 58113 1/2/0 PTR host100.domain.com. (106)
12:08:54.515701 IP 10.1.1.1.46059 > 172.17.82.2.53: 22066+ A? host100.domain.com. (34)
12:08:54.520213 IP 172.17.82.2.53 > 10.1.1.1.46059: 22066 1/2/2 A 192.168.1.100 (118)
If the DNS server fails to respond, sshd (or at least older versions) will hang for a long time and most clients will time out.
Detecting your ssh version:
Code:
~ ssh -V
OpenSSH_4.7p1 FreeBSD-openssh-portable-4.7.p1_1,1, OpenSSL 0.9.8g 19 Oct 2007
Disable SSH reverse lookups for IP and hostname
If your version is more recent (above 4), you can disable ssh reverse lookups by uncommenting or adding the following line to the sshd_config file:
Code:
UseDns no
Otherwise, if the remote system is running ssh daemon version 3 (the software version, not the protocol version), uncomment the following line in the same sshd_config file:
Code:
VerifyReverseMapping No
The SSH daemon needs to be restarted for the changes to take effect.
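To see exactly what the setting controls, here is an added example (not code from the original post or from OpenSSH): effective_option reads the value sshd would actually use for a keyword out of an sshd_config (first occurrence wins, keywords are case-insensitive, comments ignored), and fcrdns_check reproduces the PTR-then-A reverse-mapping check from the tcpdump capture above. Both function names are my own, and fcrdns_check takes the lookup results as arguments so it can be run offline; the sample config and addresses are constructed.

```shell
#!/bin/sh
# Added example: inspect UseDNS and reproduce sshd's reverse-mapping check.

# Print the value sshd uses for KEY in FILE. Handles "Key value" and
# "Key=value", case-insensitive keywords, and stops at the first Match
# block, where the global section ends.
effective_option() {
    file=$1
    key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v key="$key" '
        { sub(/^[[:space:]]+/, "") }            # drop leading indentation
        /^#/ || /^$/ { next }                   # comments and blank lines
        {
            split($0, f, "[[:space:]=]+")       # "UseDNS no" or "UseDNS=no"
            k = tolower(f[1])
            if (k == "match") exit              # global options end here
            if (k == key) { print f[2]; exit }  # first occurrence wins
        }' "$file"
    # Prints nothing when the keyword is absent: sshd then uses its
    # compiled-in default (yes in the versions discussed above).
}

# The check sshd performs with UseDNS yes: PTR for the client IP, then A
# for the returned name, and the client IP must appear in the A answers.
# Usage: fcrdns_check CLIENT_IP PTR_NAME "A_ANSWERS"
# Live:  name=$(dig -x "$ip" +short); fcrdns_check "$ip" "$name" "$(dig +short A "$name")"
fcrdns_check() {
    ip=$1
    ptr=$2
    forward=$3
    [ -n "$ptr" ] || { echo "$ip: no PTR record" >&2; return 1; }
    for a in $forward; do                       # one address per line
        if [ "$a" = "$ip" ]; then
            echo "$ip -> $ptr -> $ip: reverse mapping verified"
            return 0
        fi
    done
    echo "$ip -> $ptr does not map back to $ip" >&2
    return 1
}
```

With UseDNS no this check is skipped entirely, so hostname-based patterns in authorized_keys from= options and sshd_config Match Host blocks will only match by IP address. Note that OpenSSH 6.8 and later already default UseDNS to no.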