Am 07.03.2013 19:49, schrieb Les Mikesell:
On Thu, Mar 7, 2013 at 10:45 AM, Tilman Schmidt t.schmidt@phoenixsoftware.de wrote:
Any ideas how to remedy that situation?
As long as you get the IP address for failed logins, ignore reverse mapping failures.
Trouble is, I don't:
Does it work if you set UseDNS no in /etc/ssh/sshd_config?
Not really. That seems to remove the "reverse mapping checking failed" messages (assuming there were the usual number of such attempts after I set that option), but IP addresses for failed logins to existing users are never logged. The log contains just:
sshd[27912]: Disconnecting: Too many authentication failures for root
In contrast, log entries for login attempts with non-existing user names do contain the source IP address:
sshd[30576]: Invalid user condor from 62.201.70.8
But this is true on both CentOS 5 and 6, so it's apparently the way OpenSSH decided to do things, and cannot be remedied by the distribution.