Useless log message "POSSIBLE BREAK-IN ATTEMPT"
Ben Lindstrom
mouring at offwriting.org
Wed Dec 25 19:04:33 EST 2013
If it bothers you, turn it off:

UseDNS
    Specifies whether sshd(8) should look up the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address. The default is ``yes''.
- Ben
On Dec 24, 2013, at 11:23 PM, Kaz Kylheku <kaz at kylheku.com> wrote:
>
>
> We cannot conclude that just because the source IP address of a
> connection doesn't have forward and reverse DNS info, that the
> connection is a break-in attempt. This is a content-free entry that
> wastes valuable visual space in the auth log:
>
> Dec 23 2013 18:51:44 localhost sshd[30321]: reverse mapping checking
> getaddrinfo for 222.109.250.63.static.addr.dsl4u.ca [63.250.109.222]
> failed - POSSIBLE BREAK-IN ATTEMPT!
>
> That was me, logging in from a smartphone, from a Wi-Fi hotspot.
>
> Never mind logging; the software should not even be performing these
> pointless time and bandwidth wasting lookups.
>
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
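An added example, not part of the original message and not OpenSSH's own code: a Python sketch of the check the UseDNS text describes (reverse lookup, forward lookup, comparison), classifying the DNS states that can lead to a log line like the one quoted. The names `check_mapping` and `demo` and the resolver tables are constructed for illustration; the 192.0.2.x entries are documentation addresses.

```python
import ipaddress
import socket

def _reverse(ip):
    """PTR lookup; returns a host name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _forward(name):
    """A/AAAA lookup; returns a list of address strings (possibly empty)."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def check_mapping(ip, reverse=_reverse, forward=_forward):
    """Return (verdict, name): 'no-ptr', 'forward-failed', 'mismatch' or 'ok'."""
    addr = ipaddress.ip_address(ip)
    name = reverse(ip)
    if not name:
        return "no-ptr", None
    name = name.rstrip(".").lower()
    addrs = forward(name)
    if not addrs:
        # The state in the quoted log line: a PTR record exists, but the
        # name it returns has no address record of its own.
        return "forward-failed", name
    for a in addrs:
        try:
            if ipaddress.ip_address(a.split("%")[0]) == addr:
                return "ok", name
        except ValueError:
            continue
    return "mismatch", name

# Constructed resolver data so the example runs offline.
PTR = {"63.250.109.222": "222.109.250.63.static.addr.dsl4u.ca",
       "192.0.2.10": "host.example.net",
       "192.0.2.20": "spoof.example.net"}
A = {"host.example.net": ["192.0.2.10"],
     "spoof.example.net": ["192.0.2.99"]}

def demo(ip):
    return check_mapping(ip, PTR.get, lambda n: A.get(n, []))

if __name__ == "__main__":
    for ip in ("63.250.109.222", "192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, *demo(ip))
```

Calling `check_mapping(ip)` without the extra arguments uses the system resolver instead of the constructed tables.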