How to turn off reverse parsing of ssh in apache

步履不停
Release: 2019-07-27 09:14:56
Original
2193 people have browsed it

How to turn off reverse parsing of ssh in apache

When we connect to apache, ssh, mysql and other servers, if the connection is too slow, the possible reason is reverse query of dns. Some netizens have this situation: the situation is that you have to enter your account and password to log in for ssh, ftp, etc. Only after entering the password, you have to wait 30 seconds, which is said to be the DNS reverse resolution timeout.

Why do we need reverse resolution of domain names? This is because it prevents fake IPs from connecting to the server and resolves the IP into domain names to improve installation and see if the IP is fake. This is one of the functions of DNS reverse query.

If the connection is too slow after turning on the reverse parsing function of apache, ssh, mysql and other servers. There are two solutions:

You need to build your own dns resolution or change the hosts file to turn off the dns reverse resolution function of the service.

Let’s talk about the second method first. This method is the simplest, but after turning off dns reverse analysis, the situation of forged IP login cannot be prevented.

1. Turn off the reverse parsing of mysql and ssh

找到 /etc/mysql/my.cnf 
在 [mysqld]标记下面添加:
skip-name-resolve 不把IP地址解析为主机名; 与访问控制(mysql.user数据表)有关的检查全部通过IP地址行进
skip-host-cache  不使用高速缓存区来存放主机名和IP地址的对应关系
然后保存
/etc/init.d/mysql restart 重启mysql。
Copy after login

Attached is the ssh:

取消sshd服务的dns反向解析#vi /etc/ssh/sshd_config找到选项UseDNS ,取消注释,改为
UseDNS no
重启sshd服务
/etc/init.d/sshd  restart
Copy after login

2. Build your own dns server and add known servers The domain name is added.

This is because these records require DNS resolution (the program requires PTR reverse resolution, that is, the mapping relationship between IP and domain name, which is mainly used to verify whether the IP is a legal IP). The solution is as follows:
Method 1: Write commonly used IP addresses into the hosts file, and then check in /etc/nsswitch.conf whether the program queries the hosts file first (usually the default is this)
Method 2: Set up a dns server (It can be the local machine), add reverse resolution, and add this dns server to /etc/resolv.conf. Examples are as follows:

/********************************************************************************
reverse mapping
********************************************************************************/

zone "0.0.127.in-addr.arpa" in {
        type master;
        notify no;
        file "named.local";
        allow-update {"none";};
};

zone "20.172.in-addr.arpa" in {
        type master;
        file "master/20.172";
};

zone "168.192.in-addr.arpa" in {
        type master;
        file "master/168.192";
};

zone "16.172.in-addr.arpa" in {
        type master;
        file "master/16.172";
};

zone "17.172.in-addr.arpa" in {
        type master;
        file "master/17.172";
};
Copy after login

For more technical articles related to Apache, please visit the Apache Tutorial column to learn!

The above is the detailed content of How to turn off reverse parsing of ssh in apache. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template