LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 10-05-2011, 07:37 AM   #1
harmandeep
LQ Newbie
 
Registered: Jan 2011
Posts: 9

Rep: Reputation: 0
Question HOWTO : Disable Reverse Name Resolution Security Procedure at SSH Client End


Setup follows as :-

(1) http://www.linuxquestions.org/questi...tempts-839740/
Then follow below text :-

Guys, as suggested above in (1) is to configure SSHD config. so as to prevent above msgs to incurr in SSHD Server /var/log/secure (or the one configured).

Now same sort of MSG PROMPT are also generated on SSH Client,
which can be are viewable using -v option and also without -v option, depicted below ...

SSH Client :-

[root@rhel-52-01]# ssh root@49.201.15.213 -p 12547 -v {Output Excerpt}

reverse mapping checking getaddrinfo for static-213.15.201.49.tataidc.co.in failed - POSSIBLE BREAK-IN ATTEMPT!



SSHD Daemon (Server) : SSHD /var/log/secure EXCERPT:-

Sep 14 02:15:34 rhel-52-01 sshd[27925]: reverse mapping checking getaddrinfo for static-078.244.156.182.tataidc.co.in failed - POSSIBLE BREAK-IN ATTEMPT!

Now for SSHD, UseDNS directive does the job of not attempting Reverse name
resolution for verifying INCOMING SSH Client DNS Authenticity.( as said above)


Now, is there any option to configure SSH Client component( @ the Client END ),so it doesn't attempts REVERSE name Resolution ( as seen in ABOVE TRUNCATED Output of ssh -v ) ???

Regards
 
Old 10-05-2011, 08:17 AM   #2
rodrifra
Member
 
Registered: Mar 2007
Location: Spain
Distribution: Ubuntu
Posts: 199

Rep: Reputation: 36
Have you tried the same as for the server but in your config file ~/.ssh/config?
 
Old 10-06-2011, 04:28 PM   #3
harmandeep
LQ Newbie
 
Registered: Jan 2011
Posts: 9

Original Poster
Rep: Reputation: 0
Exclamation

i had used Global Config files ... i.e. beneath /etc
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Disable telnet command from Linux client end ! shipon_97 Linux - Newbie 7 07-23-2011 12:34 AM
Security: disable ssh-1 mcnalu Slackware 4 04-10-2008 02:00 AM
Howto disable dynamic port forwardings in ssh? pelikan81 Linux - Networking 1 01-05-2008 03:08 AM
Reverse SSH to remote client behind a firewall metallica1973 Linux - Networking 7 06-09-2007 10:51 PM
Security of ~/.ssh ?? for client end ? michael_util Linux - Security 1 02-09-2005 08:40 PM


All times are GMT -5. The time now is 01:24 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration