[CentOS] CentOS 5 sshd does not log IP address of reverse mapping failure
Tilman Schmidt
t.schmidt at phoenixsoftware.de
Fri Mar 8 14:01:24 UTC 2013
Am 07.03.2013 19:49, schrieb Les Mikesell:
> On Thu, Mar 7, 2013 at 10:45 AM, Tilman Schmidt
> <t.schmidt at phoenixsoftware.de> wrote:
>>>> Any ideas how to remedy that situation?
>>>
>>> As long as you get the IP address for failed logins, ignore reverse
>>> mapping failures.
>>
>> Trouble is, I don't:
>
> Does it work if you set
> UseDNS no
> in /etc/ssh/sshd_config?
Not really. That seems to remove the "reverse mapping checking failed"
messages (assuming there were the usual number of such attempts after
I set that option), but IP addresses for failed logins to existing
users are never logged. The log contains just:
sshd[27912]: Disconnecting: Too many authentication failures for root
In contrast, log entries for login attempts with non-existing user
names do contain the source IP address:
sshd[30576]: Invalid user condor from 62.201.70.8
But this is true on both CentOS 5 and 6, so it's apparently the way
OpenSSH decided to do things, and cannot be remedied by the
distribution.
--
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20130308/586b1e7e/attachment.sig>
More information about the CentOS
mailing list