On 2010-09-04, Damon McMahon <[email protected]> wrote:
> Greetings,
>
> What are the potential security concerns (if any) of using
>
> UseDNS no
>
> in sshd_config(5) if no host-based conditions are specified? I'm
> setting up a port-forwarding mechanism on my OpenBSD firewall to an
> internal server for a non-technical user needing to access it from
> outside the firewall, and I want to remove the potential of a login
> delay due to misconfigured DNS on any random internet cafe machine he
> may be using to login. Or are the days of reverse DNS being badly
> configured a thing of the past now?

Reverse DNS is still badly configured all over the place. You are looking in the wrong area for security concerns though. When connecting from random internet cafe machines you should basically be assuming that, at the least, some will have key loggers. At least look at S/Key but take a good hard look at what privileges this login will be allowed.
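
The question's condition, "if no host-based conditions are specified", can be checked mechanically: with `UseDNS no`, sshd compares `Match Host` and authorized_keys `from=` patterns against the client address only, so host-name patterns stop matching. The following is an added example, not part of the thread; the sample config and key lines are constructed, and the address-pattern test is a heuristic.

```python
import ipaddress
import re

def is_address_pattern(pat):
    """Heuristic: True if the pattern can match a bare IP address."""
    pat = pat.lstrip("!")              # negated patterns are judged the same way
    if pat == "*":
        return True
    try:
        ipaddress.ip_network(pat, strict=False)   # literal address or CIDR
        return True
    except ValueError:
        pass
    if ":" in pat:                     # wildcarded IPv6, e.g. 2001:db8:*
        return re.fullmatch(r"[0-9a-fA-F:.*?]+", pat) is not None
    return re.fullmatch(r"[0-9.*?]+", pat) is not None   # wildcarded IPv4

def hostname_patterns(pattern_list):
    return [p for p in pattern_list.split(",") if p and not is_address_pattern(p)]

def audit_sshd_config(text):
    """Return (line number, pattern) for host-name patterns in Match Host."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        words = line.split("#", 1)[0].split()
        if len(words) < 3 or words[0].lower() != "match":
            continue
        for key, value in zip(words[1::2], words[2::2]):   # criteria come in pairs
            if key.lower() == "host":
                hits += [(n, p) for p in hostname_patterns(value)]
    return hits

def audit_authorized_keys(text):
    """Return (line number, pattern) for host-name patterns in from="..."."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = re.search(r'(?:^|,)\s*from="([^"]*)"', line, re.IGNORECASE)
        if m:
            hits += [(n, p) for p in hostname_patterns(m.group(1))]
    return hits

# Constructed sample input, not taken from any real system.
SSHD_SAMPLE = ("UseDNS no\nMatch Host *.example.org User guest\n    AllowTcpForwarding no\n"
               "Match Host 192.0.2.*,gw.example.net\n    X11Forwarding no\n"
               "Match Address 198.51.100.0/24\n    PasswordAuthentication no\n")
KEYS_SAMPLE = ('from="*.example.org,192.0.2.10" ssh-ed25519 AAAAC3constructed guest@laptop\n'
               'no-pty,from="2001:db8::/32" ssh-ed25519 AAAAC3constructed guest@phone\n')

if __name__ == "__main__":
    print(audit_sshd_config(SSHD_SAMPLE), audit_authorized_keys(KEYS_SAMPLE))
```

An empty result from both functions means the "no host-based conditions" premise holds for the files checked.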

