Macintosh ssh

Discussion in 'NZ Computing' started by Shane, Jun 18, 2006.

  1. Shane

    Shane Guest

    Can anyone tell me why Macs _need_ rdns on ip before they will ssh in?
    ie. If I try to ssh into 192.168.0.33 from a mac, that ip _must_ have rdns
    setup else its a no go
    1) how do I stop this
    2) can I do something to prevent this client side (ie on the mac)
    --
    Rule 6: There is no rule 6

    Blog: http://shanes.dyndns.org
    Shane, Jun 18, 2006
    #1
    1. Advertising

  2. Shane

    Steve Guest

    On Sun, 18 Jun 2006 12:02:29 +1200, Shane wrote:

    > Can anyone tell me why Macs _need_ rdns on ip before they will ssh in?
    > ie. If I try to ssh into 192.168.0.33 from a mac, that ip _must_ have rdns
    > setup else its a no go
    > 1) how do I stop this
    > 2) can I do something to prevent this client side (ie on the mac)


    Try looking at the VeriftyReverseMapping flag in sshd_config
    Steve, Jun 18, 2006
    #2
    1. Advertising

  3. Shane

    Shane Guest

    Steve wrote:

    > On Sun, 18 Jun 2006 12:02:29 +1200, Shane wrote:
    >
    >> Can anyone tell me why Macs _need_ rdns on ip before they will ssh in?
    >> ie. If I try to ssh into 192.168.0.33 from a mac, that ip _must_ have
    >> rdns setup else its a no go
    >> 1) how do I stop this
    >> 2) can I do something to prevent this client side (ie on the mac)

    >
    > Try looking at the VeriftyReverseMapping flag in sshd_config



    Ive passed that along to the mac owner, should you be right you get half a
    choc fish ;-)
    --
    Rule 6: There is no rule 6

    Blog: http://shanes.dyndns.org
    Shane, Jun 18, 2006
    #3
  4. Shane

    David Empson Guest

    Shane <-a-geek.net> wrote:

    > Can anyone tell me why Macs _need_ rdns on ip before they will ssh in?
    > ie. If I try to ssh into 192.168.0.33 from a mac, that ip _must_ have rdns
    > setup else its a no go


    Mine doesn't. For example, I can ssh into myself (using my Ethernet IP
    address or the loopback address) without a valid DNS "PTR" record in
    either case, and I am able to connect to myself without error messages
    (apart from the usual warning upon first connection to an unknown host).

    I don't have another SSH server handy to test with.

    > 1) how do I stop this
    > 2) can I do something to prevent this client side (ie on the mac)


    Which version of Mac OS is the machine in question running?

    Has it had a third-party version of SSH installed, or is it still using
    the Apple-supplied copy of OpenSSH? (Use ssh -V to check.)

    Has any customization been done to its SSH configuration, e.g. the
    /etc/ssh_config file? Mine (unmodified) has all lines commented out.

    For comparison: I'm on MacOS X 10.4.6, with all current security
    updates, and my SSH is OpenSSH 3.8.1p1 (as supplied by Apple).

    From looking through the man pages and the SSH book from O'Reilly, I
    can't even find any options to configure the client side to verify the
    server by a reverse DNS lookup. There is such an option for the server
    side (UseDNS), but it is off by default, and it would apply to all
    clients.

    There is a loosely related option "VerifyHostKeyDNS" which looks up
    "SSHFP" records in DNS to get host keys (not very secure). There is
    also a "StrictHostKeyChecking" option which requires host public keys to
    be manually added to the known hosts file rather than allowing them to
    be acquired automatically.

    --
    David Empson
    David Empson, Jun 19, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?c2FpbG9yMQ==?=

    Adding Apple Macintosh computer to mt network

    =?Utf-8?B?c2FpbG9yMQ==?=, Mar 21, 2005, in forum: Wireless Networking
    Replies:
    3
    Views:
    495
    Jim Seifert [MSFT]
    Mar 25, 2005
  2. MCSE World

    OT: The truth about Macintosh

    MCSE World, Sep 9, 2003, in forum: MCSE
    Replies:
    7
    Views:
    503
    Maestro
    Sep 9, 2003
  3. °Mike°
    Replies:
    0
    Views:
    529
    °Mike°
    Jul 5, 2003
  4. ºoºfizzyºoº

    Macintosh File Server question

    ºoºfizzyºoº, May 28, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    476
    Ron Colvin
    May 30, 2004
  5. Christopher Jones

    Macintosh format to open in WinXP?

    Christopher Jones, Sep 11, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    404
Loading...

Share This Page