[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: i cannot understand sshd behavior
Hi,
On Mon, 12 Mar 2007, Gustavo Rios wrote:
> I have the following sshd_config (relevant part only):
>
> GSSAPIAuthentication yes
> #GSSAPICleanupCredentials yes
> KerberosAuthentication yes
> KerberosGetAFSToken yes
> KerberosOrLocalPasswd yes
> #KerberosTicketCleanup yes
>
>
> When i try to connect to a server by its fqdn no password is request, like
> in:
>
> $ ssh -l sioux foo.my.domain
> Last login: Mon Mar 12 13:18:22 2007 from 10.0.0.250
> Naeser's Law:
> You can make it foolproof, but you can't make it
> damnfoolproof.
> $
>
>
> But, when i try by IP, i get this:
>
> $ ssh -l sioux 10.0.0.1
> sioux@10.0.0.1's password:
> Last login: Mon Mar 12 13:21:17 2007 from 10.0.0.250
> "The subspace W inherits the other 8 properties of V. And there aren't
> even any property taxes."
> -- J. MacKay, Mathematics 134b
> $
>
>
> Why does it happens? I believe i told sshd explicitly not to request
> password, didn't i?
Does the reverse lookup (mapping ip to fqdn) work? Depending on
/etc/nsswitch.conf something like this should give you a fqdn of the
desired host name:
[fuchur] ~ % host 10.0.0.1
Host 1.0.0.10.in-addr.arpa not found: 3(NXDOMAIN)
Cheers,
Andreas
PS: "ssh -vvv" is your friend...
--
| Andreas Haupt | E-Mail: andreas.haupt@desy.de
| DESY Zeuthen | WWW: http://www-zeuthen.desy.de/~ahaupt
| Platanenallee 6 | Phone: +49/33762/7-7359
| D-15738 Zeuthen | Fax: +49/33762/7-7216