[PLUG] Please explain SSHD log entry
Roderick A. Anderson
raanders at acm.org
Sun Jan 20 18:01:49 UTC 2008
Rich Shepard wrote:
> Now and then I see an entry in the sshd log that looks like this one:
>
> **Unmatched Entries**
> warning: /etc/hosts.allow, line 8: host name/address mismatch: 67.138.24.31 != ns1.gloeblinks.com
>
> Since /etc/hosts.allow -- particularly line 8 -- has neither that IP
> address (belongs to Electric Lightwave) nor that domain name, why do I get
> this warning? The only explanation that occurs to me is that the system
> recognized an unauthorized cracking attempt and prevented it, but did not
> have a better warning message to offer. Is that all it is?
I'd guess it means you don't have that IP or domain in your
/etc/host.allow file (which you said) and with the DNS mismatch it is
warning that the access was made. As Daniel said. I'm guessing you
have nothing to do with "gloeblinks.com" therefore the concern.
Does line 8 have anything on it? Are there more than 8 lines in
/etc/hosts.allow? Is your /etc/hosts.allow file _organized_ ie. all the
sshd: lines are together and something different after line 8?
Rod
--
>
> Rich
>
More information about the PLUG
mailing list