
Re: hosts, resolv setup?



Still no solution, see below.

Stefan Alfredsson writes:
 > Quoting Svante Signell <svante.signell@telia.com> [010217 07:50]:
 > > Can someone explain to me how to set up /etc/hosts and
 > > /etc/resolv.conf for ssh (and similar programs) _not_ to search for my
 > > local network host names using the external nameservers in
 > > resolv.conf? 
 > 
 > as in, "do not connect to Internet when I only operate on my LAN"?
Yes, correct. I should have added that info.

 > > /etc/hosts:
 > > 127.0.0.1 localhost
 > > 192.160.0.1 host1.my.own.domain host1
 > > 192.160.0.2 host2.my.own.domain host2
 > > etc ...
 > > 
 > > /etc/resolv.conf:
 > > search my.own.domain
 > > nameserver xxx.yyy.zzz.www # External name server 1
 > > ...
 > 
 > looks fine. But, for example, does 'ping host1' try to contact x.y.z.w
 > to resolve host1? Or does this only occur with ssh?
No, ping does not contact external nameservers; it only occurs with ssh.

 > Then it might be that sshd wants to reverse lookup the IP, which
 > causes an external lookup.
Yes, this seems to be the case, see below. How to solve this problem?
Logging in to another host on the LAN takes an annoyingly long time.

 > > Anything else to set up?
 > 
 > /etc/host.conf:
 > order hosts,bind
 >
 > specifies that it should look at the hosts file first, and then use
 > bind.
Have that already.
 > 
 > You also might want to check what actually is asked for from the
 > nameserver, by using 'tcpdump -n udp and port 53', or use ethereal instead,
 > which does a nicer job of decoding (be sure to disable host lookups
 > though :)

Tried tcpdump on an ssh to the same host using the local I/F 127.0.0.1
and the LAN I/F 192.160.0.4. sshd tries to contact the three nameservers in my resolv.conf twice
before timing out. In other cases it tries four times before the
password prompt and then twice after.

tcpdump -n udp port 53
09:37:07.565017 192.168.0.4.32824 > nameserver1.53:  58110+ A? host4.my.own.domain. (39) (DF)
09:37:12.571320 192.168.0.4.32825 > nameserver2.53:  58110+ A? host4.my.own.domain. (39) (DF)
09:37:15.581307 192.168.0.4.32826 > nameserver3.53:  58110+ A? host4.my.own.domain. (39) (DF)
09:37:21.591274 192.168.0.4.32824 > nameserver1.53:  58110+ A? host4.my.own.domain. (39) (DF)
09:37:26.601278 192.168.0.4.32825 > nameserver2.53:  58110+ A? host4.my.own.domain. (39) (DF)
09:37:29.611275 192.168.0.4.32826 > nameserver3.53:  58110+ A? host4.my.own.domain. (39) (DF)

Commands:
ssh 127.0.0.1
...
ssh 192.168.0.4
...

From the auth.log file:
Feb 21 09:22:46 host4 sshd[6434]: WARNING: /etc/ssh/primes does not exist, using old prime
Feb 21 09:22:50 host4 sshd[6434]: Accepted password for user4 from 127.0.0.1 port 32789 ssh2
Feb 21 09:22:51 host4 PAM_unix[6434]: (ssh) session opened for user user4 by (uid=0)
Feb 21 09:22:53 host4 PAM_unix[6434]: (ssh) session closed for user user4
Feb 21 09:23:00 host4 sshd[6451]: WARNING: /etc/ssh/primes does not exist, using old prime
Feb 21 09:23:34 host4 sshd[6451]: reverse mapping checking getaddrinfo for host4.my.own.domain failed - POSSIBLE BREAKIN ATTEMPT!
Feb 21 09:23:34 host4 sshd[6451]: Accepted password for user4 from 192.168.0.4 port 32791 ssh2
Feb 21 09:23:34 host4 PAM_unix[6451]: (ssh) session opened for user user4 by (uid=0)

 > > Thanks,
 > > Svante
 > 
 > -- 
 > Stefan
 > 
 > 
 > -- 
 > To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
 > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
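The "reverse mapping checking getaddrinfo ... failed" line in the auth.log above comes from sshd's forward-confirmed reverse lookup: it resolves the client address to a name, resolves that name forward again, and expects the original address to be among the results. The script below is an added example, not code from this thread or from OpenSSH; it models that check against an in-memory /etc/hosts-style table (constructed sample data, loosely modelled on the hosts file quoted above) so it runs offline, and it accepts an optional separate forward table to show the case where reverse and forward data disagree. A real resolver follows /etc/host.conf or nsswitch.conf and falls through to the resolv.conf nameservers when the local table has no entry, which is what the tcpdump capture shows; the helper names and the sample addresses are assumptions for the example.

```python
"""
Model of sshd's forward-confirmed reverse lookup, run against an
/etc/hosts-style table instead of the system resolver (added example).
"""

from collections import defaultdict

# Constructed sample hosts table (an assumption for this example).
# The host's own LAN address 192.168.0.4 is deliberately absent.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
192.168.0.1 host1.my.own.domain host1
192.168.0.2 host2.my.own.domain host2
"""


def parse_hosts(text):
    """Parse /etc/hosts-formatted text into (ip -> [names], name -> [ips])."""
    ip_to_names = defaultdict(list)
    name_to_ips = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], [n.lower() for n in fields[1:]]
        for name in names:
            ip_to_names[ip].append(name)
            name_to_ips[name].append(ip)
    return ip_to_names, name_to_ips


def reverse_mapping_check(reverse_text, client_ip, forward_text=None):
    """
    Return (ok, explanation).

    reverse_text supplies the IP -> name mapping; forward_text supplies the
    name -> IP mapping (defaults to the same table, as with a single
    /etc/hosts). Using two tables models reverse data from one source and
    forward data from another, e.g. a local file versus DNS.
    """
    ip_to_names, _ = parse_hosts(reverse_text)
    _, name_to_ips = parse_hosts(forward_text if forward_text is not None
                                 else reverse_text)
    names = ip_to_names.get(client_ip)
    if not names:
        # No local reverse entry: a real resolver would now query the
        # nameservers in resolv.conf, which is the slow path seen in tcpdump.
        return False, f"no reverse entry for {client_ip} in the local table"
    canonical = names[0]
    forward = name_to_ips.get(canonical, [])
    if client_ip not in forward:
        return False, (f"{client_ip} -> {canonical} -> {forward}: "
                       "forward lookup does not confirm the client address")
    return True, f"{client_ip} -> {canonical} -> {client_ip}: consistent"


def missing_reverse_entries(hosts_text, local_ips):
    """List the given local addresses that have no name in the hosts table."""
    ip_to_names, _ = parse_hosts(hosts_text)
    return sorted(ip for ip in local_ips if ip not in ip_to_names)


if __name__ == "__main__":
    for ip in ("127.0.0.1", "192.168.0.4"):
        print(ip, reverse_mapping_check(SAMPLE_HOSTS, ip))
    print("missing:", missing_reverse_entries(SAMPLE_HOSTS,
                                              ["127.0.0.1", "192.168.0.4"]))
```

Running it against the sample table reports 127.0.0.1 as consistent and 192.168.0.4 as having no local reverse entry; appending a line for the host's own LAN address makes the second check pass, while a forward table that maps the same name to a different address makes it fail with the mismatch explanation.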
