openssh-portable icon indicating copy to clipboard operation
openssh-portable copied to clipboard
verified publisher icon openssh

Only set PAM_RHOST if the remote host is not "UNKNOWN"

Open DaanDeMeyer opened this issue 2 years ago • 3 comments

When using sshd's -i option with stdio that is not a AF_INET/AF_INET6 socket, auth_get_canonical_hostname() returns "UNKNOWN" which is then set as the value of PAM_RHOST, causing pam to try to do a reverse DNS query of "UNKNOWN", which times out multiple times, causing a substantial slowdown when logging in.

To fix this, let's only set PAM_RHOST if the hostname is not "UNKNOWN".

DaanDeMeyer avatar Mar 20 '23 19:03 DaanDeMeyer

@djmdjm @daztucker Could any of you take a look at this PR? I'd very much like to see this fixed and setting PAM_RHOST when we don't know it seems like a bug to me.

DaanDeMeyer avatar May 20 '23 14:05 DaanDeMeyer

Ping @djmdjm @daztucker

DaanDeMeyer avatar Jul 19 '23 07:07 DaanDeMeyer

Ping @djmdjm @daztucker could you please have a look.

danielbisar avatar Feb 03 '24 09:02 danielbisar