
Re: i cannot understand sshd behavior



Hi,

On Mon, 12 Mar 2007, Gustavo Rios wrote:

> I have the following sshd_config (relevant part only):
>
> GSSAPIAuthentication yes
> #GSSAPICleanupCredentials yes
> KerberosAuthentication yes
> KerberosGetAFSToken yes
> KerberosOrLocalPasswd yes
> #KerberosTicketCleanup yes
>
>
> When I try to connect to a server by its fqdn no password is requested, like
> in:
>
> $ ssh -l sioux foo.my.domain
> Last login: Mon Mar 12 13:18:22 2007 from 10.0.0.250
> Naeser's Law:
>       You can make it foolproof, but you can't make it
> damnfoolproof.
> $
>
>
> But, when I try by IP, I get this:
>
> $ ssh -l sioux 10.0.0.1
> sioux@10.0.0.1's password:
> Last login: Mon Mar 12 13:21:17 2007 from 10.0.0.250
> "The subspace W inherits the other 8 properties of V. And there aren't
> even any property taxes."
>               -- J. MacKay, Mathematics 134b
> $
>
>
> Why does it happen? I believe I told sshd explicitly not to request
> password, didn't I?

Does the reverse lookup (mapping ip to fqdn) work? Depending on 
/etc/nsswitch.conf something like this should give you a fqdn of the 
desired host name:

[fuchur] ~ % host 10.0.0.1
Host 1.0.0.10.in-addr.arpa not found: 3(NXDOMAIN)

Cheers,
Andreas

PS: "ssh -vvv" is your friend...

-- 
| Andreas Haupt                | E-Mail: andreas.haupt@desy.de
|  DESY Zeuthen                | WWW:    http://www-zeuthen.desy.de/~ahaupt
|  Platanenallee 6             | Phone:  +49/33762/7-7359
|  D-15738 Zeuthen             | Fax:    +49/33762/7-7216
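
The reverse-lookup check suggested above, as an added example that is not part of the original message: it reports whether the target given to ssh (a name or an address) maps back to a hostname. It assumes IPv4 literals and a system with getent; the function names and status words are made up for this sketch.

```shell
#!/bin/sh
# Added example, not from the original thread. getent follows
# /etc/nsswitch.conf, so it answers the way ssh and sshd would be answered.

# Print field $2 of the first "getent hosts" answer for $1 (empty if none).
lookup_field() {
    getent hosts "$1" 2>/dev/null | awk -v n="$2" 'NR == 1 { print $n }'
}

# Succeeds when $1 has only digits and dots. Assumption: IPv4 literals only.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print one status word for the target handed to ssh:
#   ok:<fqdn>        the address maps back to a name (same name if one was given)
#   no-ptr           the address has no reverse mapping
#   no-address       the name does not resolve at all
#   mismatch:<name>  the reverse lookup returns a different name
check_target() {
    target=$1
    want=
    if is_ipv4 "$target"; then
        addr=$target
    else
        addr=$(lookup_field "$target" 1)
        want=$(lookup_field "$target" 2)
        [ -n "$addr" ] || { echo "no-address"; return 0; }
    fi
    name=$(lookup_field "$addr" 2)
    if [ -z "$name" ]; then
        echo "no-ptr"
    elif [ -n "$want" ] && [ "$name" != "$want" ]; then
        echo "mismatch:$name"
    else
        echo "ok:$name"
    fi
}

# Usage (hypothetical file name): sh check_target.sh 10.0.0.1 foo.my.domain
for t in "$@"; do
    printf '%s\t%s\n' "$t" "$(check_target "$t")"
done
```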