Re: Angriff auf SSH

From: Oliver Fromme <olli(at)lurza.secnetix.de>
Date: Wed, 2 Nov 2005 13:53:16 +0100 (CET)

Dieter Rauschenberger <dr(at)d-ra.de> wrote:
> VerifyReverseMapping yes
>
> In der sshd_config. Ist sie Syntax so richtig?

Ja, die Syntax stimmt.

> root(at)a3:/etc/rc.d# uname -a
> FreeBSD a3.d-ra.net 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 #4: Tue Oct

Ich verwende ein aktuelles 4-stable. 5.x boykottiere ich
weitgehend. :-)

> In der Manpage SSHD_CONFIG(5) steht nichts über VerifyReverseMapping.
> Aber dafür:
>
> UseDNS Specifies whether sshd should lookup the remote host name
> and check that the resolved host name for the remote IP
> address maps back to the very same IP address. The default is
> ``yes''.

Aus der manpage bei 4-stable:

VerifyReverseMapping
        Specifies whether sshd should try to verify the remote
        host name and check that the resolved host name for the
        remote IP address maps back to the very same IP address.
        The default is ``no''.

Klingt also so, als wenn die Option exakt dasselbe tut,
nur der Name hat sich geändert (und der Default).

Gruß
   Olli

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
Passwords are like underwear.  You don't share them,
you don't hang them on your monitor or under your keyboard,
you don't email them, or put them on a web site,
and you must change them very often.
To Unsubscribe: send mail to majordomo(at)de.FreeBSD.org
with "unsubscribe de-bsd-questions" in the body of the message
Received on Wed 02 Nov 2005 - 13:54:18 CET

search this site