Delay when logginng in to FC5 via ssh

Don Russell fedora at drussell.dnsalias.com
Tue May 16 01:39:43 UTC 2006


Todd Zullinger wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Don Russell wrote:
>   
>> What is doing the "reverse lookup"? And can I just turn that off? It
>> doesn't seem to make much sense to me that I add complexity in the
>> form of a dns server that does little more than convert the ip
>> address brom binary form to printable characters. I'd rather just
>> skip the reverse lookup altogether.
>>
>> Am I missing some fundamental philosophy here? What's the point of
>> reverse look ups in such cases?
>>     
>
> Sshd does this so it can apply the tcp-wrappers rules from
> /etc/hosts.allow and /etc/hosts.deny.
>
> Set "UseDNS no" option in /etc/ssh/sshd_config to disable this.

Since /etc/hosts.allow and /etc/hosts.deny contain only comments, this 
seems like a good idea.
I now have "UseDNS no".... working great. :-) That solved 50% of my 
current problem set.... sounds like there is a similar solution for my 
smtp server...

Thanks...




More information about the fedora-list mailing list