AlexSun.dr

Reputation: 61

sshd is not resolving fqdn used in permitopen

I am using an OpenSSH server as a bastion so that users can build an ssh tunnel from their local machines and access internal resources over the bastion using the socks5 protocol (TCP forwarding is enabled in sshd_config). As the access control method I use permitopen=IP:port per public key in the authorized_keys file. The tunnel is used as a socks5 proxy. This method is working fine.

But when using permitopen=FQDN:port, it is working only if the FQDN is hardcoded in the /etc/hosts file. I can resolve the FQDN on the bastion node manually. But when the remote client is trying to access the FQDN by sending a socks5h request over the tunnel, it doesn't work: tcpdump on udp 53 isn't showing that the node is sending anything to its DNS servers. nsswitch.conf looks ok:

   hosts: files dns

sshd_config:

   PubkeyAuthentication yes
   AuthorizedKeysFile /home/remote_users/.ssh/authorized_keys
   X11Forwarding no
   AllowGroups remote_users
   AllowAgentForwarding no
   AllowTcpForwarding yes
   PermitRootLogin no
   PermitTTY no

What is confusing is that in fact resolution is working, but only when the FQDN is in the /etc/hosts file. For some reason sshd isn't hooking any action to query the DNS server.

Ubuntu 22.04. OpenSSH_8.9p1

Upvotes: 0

Views: 24
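As an added diagnostic (not from the question or from OpenSSH), this script parses the permitopen= options of an authorized_keys file the way sshd tokenises that field and asks the bastion's own resolver (files, then DNS, per nsswitch.conf) whether each listed host resolves. It assumes the AuthorizedKeysFile path from the question as the default; hostnames in any sample input are placeholders.

```python
import socket
import sys
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

def parse_options(line):
    """Split the options field of an authorized_keys line as sshd tokenises it."""
    line = line.strip()
    if not line or line.startswith("#") or line.startswith(KEY_TYPES):
        return [], line                        # blank, comment, or no options field
    options, cur, quoted, i = [], [], False, 0
    while i < len(line):                       # comma-separated; values may be "quoted"
        ch = line[i]
        if quoted and ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1]); i += 2; continue   # backslash escape inside quotes
        if ch == '"':
            quoted = not quoted                # quotes delimit, not part of the value
        elif ch == "," and not quoted:
            options.append("".join(cur)); cur = []
        elif ch.isspace() and not quoted:
            break                              # first unquoted whitespace: key type follows
        else:
            cur.append(ch)
        i += 1
    options.append("".join(cur))
    return options, line[i:].strip()

def permitopen_targets(line):
    """Return (host, port) for every permitopen= option; '[v6]:port' is unbracketed."""
    targets = []
    for opt in parse_options(line)[0]:
        if opt.startswith("permitopen="):
            host, _, port = opt[len("permitopen="):].rpartition(":")
            targets.append((host.strip("[]"), port))
    return targets

def check_targets(targets, resolver=socket.getaddrinfo):
    """Map 'host:port' -> True if this host's resolver (files/DNS per nsswitch) finds it."""
    status = {}
    for host, port in targets:
        try:
            resolver(host, port, proto=socket.IPPROTO_TCP)
            status[f"{host}:{port}"] = True
        except (OSError, ValueError):          # socket.gaierror is an OSError
            status[f"{host}:{port}"] = False
    return status

if __name__ == "__main__":                     # usage: check_permitopen.py [authorized_keys]
    with open(sys.argv[1] if len(sys.argv) > 1 else "/home/remote_users/.ssh/authorized_keys") as fh:
        targets = [t for key_line in fh for t in permitopen_targets(key_line)]
    for target, ok in check_targets(targets).items():
        print(f"{target}: {'resolves' if ok else 'NOT resolvable on this host'}")
```

sshd(8) documents that no name lookup is performed on permitopen hostnames themselves: the host string in the client's forwarding request has to match the entry literally, and only after that match does sshd resolve the name in order to connect, which is the lookup this check reproduces.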

Answers (0)
