# Ssh & dns



## vipul_ji (Nov 19, 2008)

i am using Free BSD 4.11, I wand to disable reverse lookup for DNS while doing SSH.

my problem is if I have configured any name server and my internet is not working than I can not do SSH on my machine.


I tried with 
"VerifyReverseMapping no"

in sshd_cinfig file but is doesn't help.

plz any one can tell me how to avoid that.


----------



## SirDice (Nov 19, 2008)

Add the hostname and IP to /etc/hosts.


----------



## Alt (Nov 19, 2008)

# grep -i dns /etc/ssh/sshd_config
UseDNS no

Try this config parameter


----------



## gordon@ (Nov 19, 2008)

You can still SSH to the machine, you just have to be patient. I believe sshd waits about 60 or 90 seconds on the dns timeout, so you will eventually connect, it just takes a really long time.


----------



## brucec@ (Nov 22, 2008)

Alt said:
			
		

> # grep -i dns /etc/ssh/sshd_config
> UseDNS no
> 
> Try this config parameter



Unfortunately that option was broken for a long time and has only recently been fixed in -CURRENT and -STABLE - until it was fixed there was always a single DNS lookup that couldn't be avoided.  For details, see http://lists.freebsd.org/pipermail/svn-src-head/2008-October/000270.html


----------



## vipul_ji (Nov 25, 2008)

i tried all the method explain above but still not able to connect.

My sshd_config looks like

#	$OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
Protocol 2 
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile	.ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem	sftp	/usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	ForceCommand cvs server


please advice me what to do next.

thanks


----------



## Vye (Nov 25, 2008)

You restarted sshd after you added those options to your sshd_config right? (sorry, I have to ask)

if so, I'd try adding sshd_flags="-d" to your rc.conf then restart sshd and try to connect again. I'd also use -v with your ssh client. Check /var/log/messages as well.


----------



## vipul_ji (Nov 26, 2008)

yes i restarted the sshd even i restarted the system itself.


----------



## vipul_ji (Nov 26, 2008)

is there something related to forward lookup or something like that?


----------



## vipul_ji (Dec 3, 2008)

is there any code inside openssh in freeBSD4.11 where I can comment to lookup for DNS?


----------

