Am 07.03.2013 19:49, schrieb Les Mikesell: > On Thu, Mar 7, 2013 at 10:45 AM, Tilman Schmidt > <t.schmidt at phoenixsoftware.de> wrote: >>>> Any ideas how to remedy that situation? >>> >>> As long as you get the IP address for failed logins, ignore reverse >>> mapping failures. >> >> Trouble is, I don't: > > Does it work if you set > UseDNS no > in /etc/ssh/sshd_config? Not really. That seems to remove the "reverse mapping checking failed" messages (assuming there were the usual number of such attempts after I set that option), but IP addresses for failed logins to existing users are never logged. The log contains just: sshd[27912]: Disconnecting: Too many authentication failures for root In contrast, log entries for login attempts with non-existing user names do contain the source IP address: sshd[30576]: Invalid user condor from 62.201.70.8 But this is true on both CentOS 5 and 6, so it's apparently the way OpenSSH decided to do things, and cannot be remedied by the distribution. -- Tilman Schmidt Phoenix Software GmbH Bonn, Germany -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20130308/586b1e7e/attachment-0005.sig>