[PLUG] Please explain SSHD log entry
Daniel Johnson
teknotus at gmail.com
Sun Jan 20 16:33:58 UTC 2008
On Jan 20, 2008 8:15 AM, Rich Shepard <rshepard at appl-ecosys.com> wrote:
> Now and then I see an entry in the sshd log that looks like this one:
>
> **Unmatched Entries**
> warning: /etc/hosts.allow, line 8: host name/address mismatch: 67.138.24.31 != ns1.gloeblinks.com
>
> Since /etc/hosts.allow -- particularly line 8 -- has neither that IP
> address (belongs to Electric Lightwave) nor that domain name, why do I get
> this warning? The only explanation that occurs to me is that the system
> recognized an unauthorized cracking attempt and prevented it, but did not
> have a better warning message to offer. Is that all it is?
Well they don't match in DNS.
67.138.24.31 looks up to be ns1.gloeblinks.com but
ns1.gloeblinks.com looks up to be 67.138.24.30
ssh sees that as possibly trying to spoof an address via DNS. SSH is
justifiably paranoid. Get DNS fixed so that forward, and reverse
lookups match, and the error should go away.
--
teknotus
Take Notice
More information about the PLUG
mailing list