Package: openssh-server
Version: 1:8.4p1-5
Tags: upstream

Dear maintainers,

When doing host-based authentication, sshd tries to look up the hostname
of the IP that's connecting and compares it to the hostname the client
sends, but if UseDNS is off (as it is by default), this will always
fail.  So if you're using host-based authentication you need to either
turn UseDNS on or disable the reverse lookup.

The error message that you get in this situation, however, is not likely
to lead you to do one of those two things:

sshd[2540]: userauth_hostbased mismatch: client sends HOSTNAME, but we resolve 128.100.X.Y to 128.100.X.Y

To most readers, this suggests that a lookup is being performed but is
failing to return any hostname, so the user is likely to start looking
at their /etc/hosts.  But the problem is actually that sshd is not even
trying to perform any lookup.

Further discussion:
https://utcc.utoronto.ca/~cks/space/blog/sysadmin/OpenSSHUseDNSErrorAnnoyance

-- 
Sean Whitton
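
Added example, not part of the original report and not OpenSSH or Debian code: a shell check that reads `sshd -T`-style effective configuration and flags the combination described above, plus a helper that recognises the log line in which the "resolved" name is just the address again. It assumes that "disable the reverse lookup" corresponds to the sshd_config option `HostbasedUsesNameFromPacketOnly yes`; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `sshd -T` output (lowercase "key value" lines).
SAMPLE_CFG='hostbasedauthentication yes
usedns no
hostbasedusesnamefrompacketonly no'
# Log line as quoted in the report above.
SAMPLE_LOG='sshd[2540]: userauth_hostbased mismatch: client sends HOSTNAME, but we resolve 128.100.X.Y to 128.100.X.Y'

# cfg_value KEY: print the value of KEY from "key value" lines on stdin.
cfg_value() {
    awk -v k="$1" 'tolower($1) == k { print tolower($2); exit }'
}

# check_config: stdin is the effective config. Prints one of:
#   not-applicable  host-based authentication is off
#   ok              UseDNS is on, or the packet-supplied name is trusted
#                   (assumption: that is the "disable the lookup" option)
#   broken          host-based auth is on but sshd never resolves the address
check_config() {
    cfg=$(cat)
    hb=$(printf '%s\n' "$cfg" | cfg_value hostbasedauthentication)
    dns=$(printf '%s\n' "$cfg" | cfg_value usedns)
    pkt=$(printf '%s\n' "$cfg" | cfg_value hostbasedusesnamefrompacketonly)
    if [ "$hb" != yes ]; then
        echo not-applicable
    elif [ "$dns" = yes ] || [ "$pkt" = yes ]; then
        echo ok
    else
        echo broken
    fi
}

# is_no_lookup_mismatch LINE: succeeds when LINE is a userauth_hostbased
# mismatch whose "resolve A to B" has A equal to B. The line alone only says
# the name equals the address; check_config tells whether a lookup was tried.
is_no_lookup_mismatch() {
    printf '%s\n' "$1" | awk '
        /userauth_hostbased mismatch/ {
            for (i = 1; i <= NF - 3; i++)
                if ($i == "resolve" && $(i + 2) == "to" && $(i + 1) == $(i + 3))
                    found = 1
        }
        END { exit !found }'
}

# Demo on the constructed inputs.
if is_no_lookup_mismatch "$SAMPLE_LOG"; then
    echo "log: resolved name equals address; config verdict: $(printf '%s\n' "$SAMPLE_CFG" | check_config)"
fi
```

On a real host, feed the function with `sshd -T | check_config` (run as root) instead of the sample.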
