Useless log message "POSSIBLE BREAK-IN ATTEMPT"

Ben Lindstrom mouring at offwriting.org
Wed Dec 25 19:04:33 EST 2013


If it bothers you turn it off:


     UseDNS  Specifies whether sshd(8) should look up the remote host name and check that the resolved host name for the remote IP
             address maps back to the very same IP address.  The default is ``yes''.

- Ben

On Dec 24, 2013, at 11:23 PM, Kaz Kylheku <kaz at kylheku.com> wrote:

> 
> 
> We cannot conclude that just because the source IP address of a
> connection doesn't have forward and reverse DNS info, that the
> connection is a break-in attempt. This is a content-free entry that
> wastes valuable visual space in the auth log: 
> 
> Dec 23 2013 18:51:44 localhost sshd[30321]: reverse mapping checking
> getaddrinfo for 222.109.250.63.static.addr.dsl4u.ca [63.250.109.222]
> failed - POSSIBLE BREAK-IN ATTEMPT! 
> 
> That was me, logging in from a smartphone, from a Wi-Fi hotspot. 
> 
> Never mind logging; the software should not even be performing these
> pointless time and bandwidth wasting lookups. 
> 
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



More information about the openssh-unix-dev mailing list