[CentOS] CentOS 5 sshd does not log IP address of reverse mapping failure
Tilman Schmidt
t.schmidt at phoenixsoftware.de
Thu Mar 7 16:45:04 UTC 2013
On 06.03.2013 19:20, Gordon Messmer wrote:
> On 03/06/2013 09:45 AM, Tilman Schmidt wrote:
>> Any ideas how to remedy that situation?
>
> As long as you get the IP address for failed logins, ignore reverse
> mapping failures.
Trouble is, I don't:
Feb 8 00:03:09 dns01 sshd[6119]: reverse mapping checking getaddrinfo
for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 8 00:03:10 dns01 sshd[6120]: Disconnecting: Too many authentication
failures for root
Feb 8 00:03:19 dns01 sshd[6121]: reverse mapping checking getaddrinfo
for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 8 00:03:20 dns01 sshd[6122]: Disconnecting: Too many authentication
failures for root
Feb 8 00:03:22 dns01 sshd[6123]: reverse mapping checking getaddrinfo
for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 8 00:03:23 dns01 sshd[6124]: Disconnecting: Too many authentication
failures for root
[...]
And at the end of the day, logwatch tells me:
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 149 Time(s)
Not good.
--
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany
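
Added example, not part of the original message: a log-correlation sketch that pairs each "Too many authentication failures" disconnect with the reverse-mapping warning logged just before it, so the events can at least be grouped by the hostname sshd reported. The time-window pairing, the function name and the year parameter are assumptions of this example, and the hostname is the unverified PTR name, not the client IP address.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Log lines quoted in the message, unwrapped to one entry per line. The final
# entry is constructed for this example: a disconnect with no preceding warning.
SAMPLE = """\
Feb 8 00:03:09 dns01 sshd[6119]: reverse mapping checking getaddrinfo for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 8 00:03:10 dns01 sshd[6120]: Disconnecting: Too many authentication failures for root
Feb 8 00:03:19 dns01 sshd[6121]: reverse mapping checking getaddrinfo for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 8 00:03:20 dns01 sshd[6122]: Disconnecting: Too many authentication failures for root
Feb 8 00:03:22 dns01 sshd[6123]: reverse mapping checking getaddrinfo for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 8 00:03:23 dns01 sshd[6124]: Disconnecting: Too many authentication failures for root
Feb 8 00:10:00 dns01 sshd[6200]: Disconnecting: Too many authentication failures for root
"""

ENTRY = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+(.*)$")
RDNS = re.compile(r"reverse mapping checking getaddrinfo for (\S+) failed")
TOO_MANY = re.compile(r"Disconnecting: Too many authentication failures for (\S+)")

def attribute_failures(text, year=2013, window=timedelta(seconds=5)):
    """Pair each disconnect with the reverse-mapping warning logged just before it.

    Heuristic (assumption of this example): the two entries belong to the same
    connection when they are at most `window` apart. Syslog omits the year, so
    it is passed in. Returns (Counter keyed by (hostname, user), unattributed).
    """
    counts, unattributed, last = Counter(), 0, None
    for line in text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue
        ts = datetime.strptime(f"{year} {entry.group(1)}", "%Y %b %d %H:%M:%S")
        msg = entry.group(2)
        if (m := RDNS.search(msg)):
            last = (ts, m.group(1))
        elif (m := TOO_MANY.search(msg)):
            if last and ts - last[0] <= window:
                counts[(last[1], m.group(1))] += 1
            else:
                unattributed += 1
            last = None  # one warning accounts for at most one disconnect
    return counts, unattributed

if __name__ == "__main__":
    by_host, unknown = attribute_failures(SAMPLE)
    for (host, user), n in by_host.items():
        print(f"{n} x too many auth failures for {user} from {host}")
    print(f"{unknown} disconnect(s) with no nearby reverse-mapping warning")
```

On a host with several concurrent connections the time window can pair entries from different clients, so treat the grouping as a triage aid rather than attribution.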