[CentOS] CentOS 5 sshd does not log IP address of reverse mapping failure

Wed Mar 6 17:45:14 UTC 2013
Tilman Schmidt <t.schmidt at phoenixsoftware.de>

I'm running a mix of CentOS 5 and 6 servers reachable by ssh
from the Internet. Of course I allow only public key authentication
and no root login. In addition I'm running fail2ban to block
obnoxious brute force attack sources.

On CentOS 6 this is working pretty well, but on CentOS 5 there's
one class of attacks fail2ban fails to ban. (No pun intended.)
This isn't fail2ban's fault, but openssh's. When the source IP
address of a failed attempt fails the reverse mapping check,
CentOS 6 (openssh-server-5.3p1-81.el6_3.x86_64) logs:

Mar  3 04:06:34 posthamster sshd[1718]: reverse mapping checking
getaddrinfo for hn.ly.kd.adsl [61.163.113.72] failed - POSSIBLE BREAK-IN
ATTEMPT!

from which fail2ban can pick up and block IP address 61.163.113.72
just fine. CentOS 5 (openssh-server-4.3p2-82.el5) OTOH logs:

Mar  3 04:44:48 gimli sshd[12870]: reverse mapping checking getaddrinfo
for hn.ly.kd.adsl failed - POSSIBLE BREAK-IN ATTEMPT!

without the IP address. The name is of no use because sshd just
confirmed that it doesn't really correspond to the attacker's
IP address.

Any ideas how to remedy that situation?

TIA
T.

-- 
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20130306/5e44478f/attachment-0004.sig>