[CentOS] CentOS 5 sshd does not log IP address of reverse mapping failure
Michael Krug
mkrug at agjunction.net
Thu Mar 7 18:07:08 UTC 2013
You could deny all by default and only allow your locations in tcp_wrappers.
Add this to /etc/hosts.deny:
sshd: ALL
And this to /etc/hosts.allow
sshd: 12.34.56.78 your.ip.here 123. 12.34.
I exaggerated the spaces. You'd still get the failures in your logs, but
access to the service won't be granted as it wouldn't match the allow.
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Tilman Schmidt
> Sent: Thursday, March 07, 2013 11:45 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] CentOS 5 sshd does not log IP address of reverse
> mapping failure
>
> Am 06.03.2013 19:20, schrieb Gordon Messmer:
> > On 03/06/2013 09:45 AM, Tilman Schmidt wrote:
> >> Any ideas how to remedy that situation?
> >
> > As long as you get the IP address for failed logins, ignore reverse
> > mapping failures.
>
> Trouble is, I don't:
>
> Feb 8 00:03:09 dns01 sshd[6119]: reverse mapping checking getaddrinfo for
> mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT!
> Feb 8 00:03:10 dns01 sshd[6120]: Disconnecting: Too many authentication
> failures for root Feb 8 00:03:19 dns01 sshd[6121]: reverse mapping
checking
> getaddrinfo for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN
> ATTEMPT!
> Feb 8 00:03:20 dns01 sshd[6122]: Disconnecting: Too many authentication
> failures for root Feb 8 00:03:22 dns01 sshd[6123]: reverse mapping
checking
> getaddrinfo for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN
> ATTEMPT!
> Feb 8 00:03:23 dns01 sshd[6124]: Disconnecting: Too many authentication
> failures for root [...]
>
> And at the end of the day, logwatch tells me:
>
> --------------------- SSHD Begin ------------------------
>
> Disconnecting after too many authentication failures for user:
> root : 149 Time(s)
>
> Not good.
>
> --
> Tilman Schmidt
> Phoenix Software GmbH
> Bonn, Germany
More information about the CentOS
mailing list