Solved SSH doesn't honor "files dns" anymore?

aragats


I've been using /etc/hosts to resolve several local hosts for ages, but recently discovered that now (FreeBSD 12.0-RELEASE-p3) ssh tries to resolve them via DNS first, which causes huge delays.
I couldn't find any specific setting for that. Am I missing anything?
Thanks for any advice!
 

VladiBG


You can disable DNS lookup for sshd.

Edit /etc/ssh/sshd_config:
Code:
UseDNS no
 
aragats

> You can disable DNS lookup for sshd.
Thanks for the direction, however, the ssh daemon has nothing to do with the ssh client: my ssh client delays trying to resolve.
However, I found that there is an option in the client's config /etc/ssh/ssh_config which fixes my issue:
Code:
VerifyHostKeyDNS no
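
The client option above can be scoped to the /etc/hosts names rather than set for every host. The following is an added example, not code from this thread or from OpenSSH: a simplified Python model of how ssh_config picks the first matching value (no Match, Include or quoted arguments), run against a constructed config with hypothetical host names.

```python
# Simplified model of ssh_config(5) lookup: Host blocks with '*', '?' and '!'
# patterns; the first value obtained for an option wins.
from fnmatch import fnmatchcase

# Constructed sample: DNS host-key checks off for local /etc/hosts names only
# (hypothetical names), left on for everything else.
SAMPLE_CONFIG = """\
# specific entries must come before the catch-all
Host nas buildbox *.lan !gw.lan
    VerifyHostKeyDNS no

Host *
    VerifyHostKeyDNS yes
"""


def host_matches(patterns, host):
    """True if a positive pattern matches and no negated pattern does."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatchcase(host, pat[1:]):
                return False  # a negated hit disables the whole Host line
        elif fnmatchcase(host, pat):
            matched = True
    return matched


def effective_option(config_text, host, option, default=None):
    """Return the first value of `option` that applies to `host`."""
    active = True  # lines before the first Host block apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if not parts:
            continue
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "host":
            active = host_matches(value.split(), host)
        elif active and keyword == option.lower():
            return value  # first obtained value wins
    return default


if __name__ == "__main__":
    for name in ("nas", "db.lan", "gw.lan", "example.org"):
        print(name, effective_option(SAMPLE_CONFIG, name, "VerifyHostKeyDNS"))
```

On a real system, `ssh -G <host>` prints the options the client will actually use for that host.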
 

obsigna


Some time ago, I had a similar issue with delayed ssh login after upgrading to FreeBSD 11.2.

Initially I solved this by switching on the server side to security/openssh-portable, without exactly knowing why this was the fix. Later, I found out that the port created a whole new set of public-key files in /usr/local/etc/ssh, which got the actual (correct) root@server.domain added to the key, while the original key files in /etc/ssh got an old, no longer working domain added. Incidentally, I changed the base domains in the LAN shortly before. Anyway, the actual fix was to refresh the key files. However, some of the machines are multihomed, and on those I removed the root@server.domain hint altogether, in order to prevent any future distortions.
 