[CentOS] CentOS 5 sshd does not log IP address of reverse mapping failure

Gordon Messmer

yinyang at eburg.com
Fri Mar 8 19:51:23 UTC 2013


On 03/07/2013 08:45 AM, Tilman Schmidt wrote:
>> >As long as you get the IP address for failed logins, ignore reverse
>> >mapping failures.
> Trouble is, I don't:

Are you watching the messages or secure log?

# cat /etc/redhat-release
CentOS release 5.8 (Final)
# tail -f /var/log/secure
Mar  8 11:46:54 firewall sshd[27455]: pam_unix(sshd:auth): 
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= 
rhost=173-xx-xx-xx-washington.hfc.comcastbusiness.net  user=root
Mar  8 11:46:56 firewall sshd[27455]: Failed password for root from 
173.xx.xx.xx port 51437 ssh2

The standard configuration should be logging the IP address of failed 
logins.

I don't think I have access to any hosts where the reverse lookup is 
broken, so I'm not sure if what you're seeing is a result of a logging 
bug related to PTR mismatch, or what.




More information about the CentOS mailing list