You could deny all by default and only allow your locations in tcp_wrappers.

Add this to /etc/hosts.deny:

    sshd: ALL

And this to /etc/hosts.allow:

    sshd: 12.34.56.78   your.ip.here   123.   12.34.

I exaggerated the spaces.

You'd still get the failures in your logs, but access to the service won't be granted as it wouldn't match the allow.

> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Tilman Schmidt
> Sent: Thursday, March 07, 2013 11:45 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] CentOS 5 sshd does not log IP address of reverse
> mapping failure
>
> On 06.03.2013 19:20, Gordon Messmer wrote:
> > On 03/06/2013 09:45 AM, Tilman Schmidt wrote:
> >> Any ideas how to remedy that situation?
> >
> > As long as you get the IP address for failed logins, ignore reverse
> > mapping failures.
>
> Trouble is, I don't:
>
> Feb 8 00:03:09 dns01 sshd[6119]: reverse mapping checking getaddrinfo for
> mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT!
> Feb 8 00:03:10 dns01 sshd[6120]: Disconnecting: Too many authentication
> failures for root
> Feb 8 00:03:19 dns01 sshd[6121]: reverse mapping checking
> getaddrinfo for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN
> ATTEMPT!
> Feb 8 00:03:20 dns01 sshd[6122]: Disconnecting: Too many authentication
> failures for root
> Feb 8 00:03:22 dns01 sshd[6123]: reverse mapping checking
> getaddrinfo for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN
> ATTEMPT!
> Feb 8 00:03:23 dns01 sshd[6124]: Disconnecting: Too many authentication
> failures for root
> [...]
>
> And at the end of the day, logwatch tells me:
>
> --------------------- SSHD Begin ------------------------
>
> Disconnecting after too many authentication failures for user:
> root : 149 Time(s)
>
> Not good.
>
> --
> Tilman Schmidt
> Phoenix Software GmbH
> Bonn, Germany
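
The following is an added example, not part of the original message or of tcp_wrappers itself: a simplified model of the hosts_access(5) decision order, run against the hosts.deny and hosts.allow entries suggested above (the `your.ip.here` placeholder is left out). The function names and the client address 203.0.113.7 are constructed for illustration.

```python
# Added example: simplified model of hosts_access(5) evaluation, not libwrap itself.
# Supported client patterns: ALL, "12.34." address prefix, ".example.org" hostname
# suffix, exact address/hostname. Netmasks, EXCEPT and options are not modelled.

HOSTS_ALLOW = "sshd: 12.34.56.78 123. 12.34.\n"   # entries from the message above
HOSTS_DENY = "sshd: ALL\n"


def parse(text):
    """Return [(daemons, clients)] from hosts.allow / hosts.deny style text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, addr, host=None):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # address prefix, e.g. "12.34."
        return addr.startswith(pattern)
    if pattern.startswith("."):          # hostname suffix, e.g. ".example.org"
        return host is not None and host.lower().endswith(pattern.lower())
    return pattern == addr or (host is not None and pattern.lower() == host.lower())


def listed(rules, daemon, addr, host):
    return any((daemon in d or "ALL" in d) and
               any(client_matches(p, addr, host) for p in c)
               for d, c in rules)


def decide(daemon, addr, host=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if listed(parse(allow), daemon, addr, host):
        return "allow"
    if listed(parse(deny), daemon, addr, host):
        return "deny"
    return "allow"
```

Note that a trailing-dot pattern such as `123.` admits every address beginning with 123., and that a daemon with no entry in either file is allowed by default.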