[CentOS] CentOS 5 sshd does not log IP address of reverse mapping failure

Thu Mar 7 18:07:08 UTC 2013
Michael Krug <mkrug at agjunction.net>

You could deny all by default and only allow your locations in tcp_wrappers.


Add this to /etc/hosts.deny:

sshd:	ALL

And this to /etc/hosts.allow:

sshd:	12.34.56.78   your.ip.here        123.        12.34. 

I exaggerated the spaces. You'd still get the failures in your logs, but
access to the service won't be granted as it wouldn't match the allow.


> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Tilman Schmidt
> Sent: Thursday, March 07, 2013 11:45 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] CentOS 5 sshd does not log IP address of reverse
> mapping failure
> 
> On 06.03.2013 19:20, Gordon Messmer wrote:
> > On 03/06/2013 09:45 AM, Tilman Schmidt wrote:
> >> Any ideas how to remedy that situation?
> >
> > As long as you get the IP address for failed logins, ignore reverse
> > mapping failures.
> 
> Trouble is, I don't:
> 
> Feb  8 00:03:09 dns01 sshd[6119]: reverse mapping checking getaddrinfo for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT!
> Feb  8 00:03:10 dns01 sshd[6120]: Disconnecting: Too many authentication failures for root
> Feb  8 00:03:19 dns01 sshd[6121]: reverse mapping checking getaddrinfo for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT!
> Feb  8 00:03:20 dns01 sshd[6122]: Disconnecting: Too many authentication failures for root
> Feb  8 00:03:22 dns01 sshd[6123]: reverse mapping checking getaddrinfo for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT!
> Feb  8 00:03:23 dns01 sshd[6124]: Disconnecting: Too many authentication failures for root
> [...]
> 
> And at the end of the day, logwatch tells me:
> 
> --------------------- SSHD Begin ------------------------
> 
> Disconnecting after too many authentication failures for user:
>     root : 149 Time(s)
> 
> Not good.
> 
> --
> Tilman Schmidt
> Phoenix Software GmbH
> Bonn, Germany
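
How the hosts.allow and hosts.deny entries suggested in the reply are evaluated for a given client address, as an added example that is not part of the original thread. It is a simplified model of the hosts_access(5) rules (address patterns only, no hostnames, EXCEPT or IPv6), the function names are hypothetical, and the placeholder `your.ip.here` is left out.

```python
import ipaddress

# Rules as posted in the reply (placeholder entry omitted).
HOSTS_ALLOW = "sshd:\t12.34.56.78   123.        12.34.\n"
HOSTS_DENY = "sshd:\tALL\n"

def parse(text):
    """Return [(daemon_list, client_list)] from hosts_access-style lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]  # optional 3rd field ignored
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    """Match one client pattern against a dotted-quad address string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):   # textual prefix: "123." covers all of 123.0.0.0/8
        return ip.startswith(pattern)
    if "/" in pattern:          # net/mask form, e.g. 10.1.0.0/255.255.0.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern == ip        # literal address

def allowed(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """A match in allow grants; otherwise a match in deny refuses; otherwise grant."""
    def hit(text):
        return any(
            (daemon in daemons or "ALL" in daemons)
            and any(client_matches(p, ip) for p in clients)
            for daemons, clients in parse(text)
        )
    return True if hit(allow) else not hit(deny)

if __name__ == "__main__":
    # Constructed client addresses, not taken from the thread's logs.
    for ip in ("12.34.56.78", "123.200.1.9", "12.34.99.1",
               "12.35.0.1", "112.34.1.1", "203.0.113.5"):
        print(f"{ip:15} {'allow' if allowed('sshd', ip) else 'deny'}")
```

The trailing-dot entries are matched as text prefixes, so `123.` admits the whole 123.0.0.0/8 range; without the `sshd: ALL` line in hosts.deny, every address that misses the allow list is still granted.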