Linux Administration Cookbook

The UseDNS setting

The last option I'm going to cover is the UseDNS entry, as it's a source of pain for quite a few people:

#UseDNS yes
UseDNS no

Here, we can see that UseDNS has been explicitly set to no in our configuration file. This is the default.

When set to no, the SSH daemon will not look up the remote host name, nor will it check that the host name it gets back resolves to the same IP address the connection came from.

To confuse you further, here's the manual entry for UseDNS:

"Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for the remote IP address maps back to the very same IP address.
If this option is set to no (the default) then only addresses and not host names may be used in ~/.ssh/authorized_keys from and sshd_config Match Host directives."

What this means is that when UseDNS is set to yes, and the machine you're connecting from doesn't have a reverse DNS entry set, SSH will try and match the IP it expects with what it's seeing, and likely fail to do so.

In practice, all this means is that if your DNS is broken on the box you're trying to connect to, you have to wait around like a lemon for a bit while the DNS request times out, and SSH eventually lets you in. To frustrate matters further, this feature is almost useless out of the box, as highlighted in this mailing list email: https://lists.centos.org/pipermail/centos-devel/2016-July/014981.html.
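The second sentence of the manual entry quoted above has a practical consequence: with UseDNS no, a host name in a `Match Host` line or an authorized_keys `from=` option never matches. The following check is an added example, not code from the book or from OpenSSH; it lists such patterns. The function names, the sample configuration and the sample keys are constructed for illustration.

```python
import ipaddress
import re

# Address-only wildcards such as 198.51.100.* or 2001:db8:*
ADDR_WILDCARD = re.compile(r"[0-9.*?]+|[0-9a-fA-F:*?]*:[0-9a-fA-F:*?]*")
FROM_OPT = re.compile(r'(?:^|,)from="([^"]*)"', re.I)

def needs_dns(pattern):
    """True if the pattern names a host, so it only matches with UseDNS yes."""
    pattern = pattern.lstrip("!")  # a negated pattern is judged the same way
    try:
        ipaddress.ip_network(pattern, strict=False)  # literal IP or CIDR
        return False
    except ValueError:
        return bool(pattern) and ADDR_WILDCARD.fullmatch(pattern) is None

def audit(sshd_config, authorized_keys):
    """Return (use_dns, findings); findings are (source, line_no, pattern) and are
    only reported when UseDNS is no, since with yes sshd resolves the client."""
    use_dns, findings = None, []
    for n, line in enumerate(sshd_config.splitlines(), 1):
        words = line.split()  # simple tokenising; quoted arguments not handled
        key = words[0].lower() if words else ""  # "#usedns" never equals "usedns"
        if key == "usedns" and use_dns is None and len(words) > 1:
            use_dns = words[1].lower() == "yes"  # first value obtained wins
        elif key == "match":
            # Criteria come in pairs: "Match User alice Host *.example.com"
            for crit, arg in zip(words[1::2], words[2::2]):
                if crit.lower() == "host":
                    findings += [("sshd_config", n, p)
                                 for p in arg.split(",") if needs_dns(p)]
    for n, line in enumerate(authorized_keys.splitlines(), 1):
        m = FROM_OPT.search(line.strip())
        if m and not line.lstrip().startswith("#"):
            findings += [("authorized_keys", n, p)
                         for p in m.group(1).split(",") if needs_dns(p)]
    use_dns = bool(use_dns)  # unset falls back to the default the page gives: no
    return use_dns, ([] if use_dns else findings)

# Constructed sample input; only the two UseDNS lines come from the page.
SSHD_CONFIG = """\
#UseDNS yes
UseDNS no
Match Host *.corp.example.com
    PasswordAuthentication no
Match Address 192.0.2.0/24 Host bastion.example.com,198.51.100.*
"""
KEYS = ('from="203.0.113.7,build.example.com" ssh-ed25519 AAAA...constructed alice\n'
        'from="2001:db8::/32" ssh-ed25519 AAAA...constructed bob\n')
print(audit(SSHD_CONFIG, KEYS))
```

Each finding marks a rule that is silently inactive: either rewrite it as an address or CIDR pattern, or accept the lookup delay described above and set UseDNS yes.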