gabriel rosenkoetter on Thu, 10 May 2001 12:02:14 -0400



Re: [PLUG] sshd_exchange_identification problem


On Thu, May 10, 2001 at 11:43:26AM -0400, MaD dUCK wrote:
> meanwhile, piper's /var/log/auth.log lists this:
> 
> May 10 11:14:35 piper sshd[9765]: warning: /etc/hosts.deny, line 15:
> can't verify hostname: gethostbyname(d235.sproul.swarthmore.edu) failed
> May 10 11:14:35 piper sshd[9765]: refused connect from 130.58.82.235
> 
> hosts.deny:15 is obviously ALL: PARANOID.
> 
> before the reinstall, this machine could successfully connect to piper
> with the same DNS setup. however, now it doesn't work and i am
> thinking that it's the ALL: PARANOID entry, which i speculate did not
> exist previously.

This is your problem:

grappa:~% host d235.sproul.swarthmore.edu
Host not found.

This is why PARANOID in hosts.deny is actually a pretty bad idea.
Any hostname with a broken reverse DNS (and there are plenty of
really dumb ISPs that do this regularly) will not be allowed to
connect.

It has nothing to do with the fact that you're secretly doing
different reverse mappings in ns1.madduck.net (which you really
shouldn't do, but it doesn't matter much here). It has everything to
do with the fact that what oak.cc.swarthmore.edu maps 130.58.82.235
to does NOT map back to an IP.

Hey, Adam, you out there?

       ~ g r @ eclipsed.net
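
The name/address consistency check behind the PARANOID refusal above, as an
added example (not part of the original message and not tcp_wrappers' own
code). The function names and the sample resolver tables are assumptions;
the 192.0.2.x addresses and example.org names are constructed.

```python
import ipaddress
import socket

def reverse_lookup(ip):
    """PTR lookup: hostname for ip, or None when there is no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def forward_lookup(name):
    """A/AAAA lookup: set of address strings for name, empty on failure."""
    try:
        return {ai[4][0].split("%")[0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def paranoid_check(ip, reverse=reverse_lookup, forward=forward_lookup):
    """Return (verdict, name) for the name/address consistency of ip."""
    name = reverse(ip)
    if name is None:
        # No name at all: hosts_access(5) matches this with UNKNOWN instead.
        return ("no-ptr", None)
    addrs = {ipaddress.ip_address(a) for a in forward(name)}
    if not addrs:
        # The case in the log above: the PTR name does not resolve forward.
        return ("forward-failed", name)
    if ipaddress.ip_address(ip) not in addrs:
        return ("mismatch", name)
    return ("ok", name)

# Constructed resolver data. The first entry mirrors the thread: a PTR
# record exists for the address, but the name has no forward record.
SAMPLE_PTR = {
    "130.58.82.235": "d235.sproul.swarthmore.edu",
    "192.0.2.10": "good.example.org",
    "192.0.2.20": "stale.example.org",
}
SAMPLE_A = {
    "good.example.org": {"192.0.2.10"},
    "stale.example.org": {"192.0.2.99"},
}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip)

def sample_forward(name):
    return SAMPLE_A.get(name, set())

if __name__ == "__main__":
    for addr in SAMPLE_PTR:
        print(addr, *paranoid_check(addr, sample_reverse, sample_forward))
```

Calling paranoid_check(ip) with only the address uses the system resolver,
which shows before a hosts.deny change whether a given client would be
refused.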


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug