[CentOS] CentOS 5 sshd does not log IP address of reverse mapping failure

Thu Mar 7 16:45:04 UTC 2013
Tilman Schmidt <t.schmidt at phoenixsoftware.de>

Am 06.03.2013 19:20, schrieb Gordon Messmer:
> On 03/06/2013 09:45 AM, Tilman Schmidt wrote:
>> Any ideas how to remedy that situation?
> 
> As long as you get the IP address for failed logins, ignore reverse 
> mapping failures.

Trouble is, I don't:

Feb  8 00:03:09 dns01 sshd[6119]: reverse mapping checking getaddrinfo
for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT!
Feb  8 00:03:10 dns01 sshd[6120]: Disconnecting: Too many authentication
failures for root
Feb  8 00:03:19 dns01 sshd[6121]: reverse mapping checking getaddrinfo
for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT!
Feb  8 00:03:20 dns01 sshd[6122]: Disconnecting: Too many authentication
failures for root
Feb  8 00:03:22 dns01 sshd[6123]: reverse mapping checking getaddrinfo
for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT!
Feb  8 00:03:23 dns01 sshd[6124]: Disconnecting: Too many authentication
failures for root
[...]

And at the end of the day, logwatch tells me:

--------------------- SSHD Begin ------------------------

Disconnecting after too many authentication failures for user:
    root : 149 Time(s)

Not good.

-- 
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20130307/1f851467/attachment-0004.sig>