[SGVLUG] using SSH from a non-confirmable client -- how?
Jeff Carlson
jeff at ultimateevil.org
Wed Nov 2 18:44:52 PST 2005
Emerson, Tom wrote:
> Nov 2 15:16:08 osnut sshd[25833]: reverse mapping checking
> getaddrinfo for h-64-236-243-16.twi.com failed - POSSIBLE BREAKIN
> ATTEMPT!

It's not your gateway, it's your DNS server. Your A record doesn't
match your PTR. Here:

    $ host 64.236.243.16
    16.243.236.64.in-addr.arpa domain name pointer h-64-236-243-16.twi.com.
    $ host h-64-236-243-16.twi.com
    Host h-64-236-243-16.twi.com not found: 3(NXDOMAIN)

Your sshd at home is configured to require these two to match. I will
bet there is an A record in your company's DNS that does match your IP,
but obviously, your PTR is this generic h-#-#-#-# thing. Your sshd is
configured to look up the IP, then look up the name that previous lookup
returned. This can also be done in tcp_wrappers using the PARANOID
setting. Check /etc/hosts.allow and /etc/hosts.deny. If there is such
a PARANOID setting, just insert this into hosts.allow ahead of the
PARANOID line:

    sshd: 64.236.243.16

Otherwise check the sshd_config(5) man page and look for paranoid DNS
operation.

You might be able to cheat by putting an entry in /etc/hosts. That can
usually bypass DNS if the subsystem is actually doing a gethostby*
syscall. I'm not sure if sshd uses that libc method or specifically
relies on DNS.
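
The double lookup described in the message above (IP to name, then name back to addresses), as an added example that is not part of the original post. The function names and the sample tables are constructed for illustration; the sample tables mirror the host(1) output quoted in the message so the script runs without network access.

```python
import ipaddress
import socket
import sys

def system_ptr(ip):
    """PTR lookup through the system resolver; None if there is no name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """All addresses the name resolves to; empty set on NXDOMAIN or failure."""
    try:
        return {i[4][0].split("%")[0] for i in socket.getaddrinfo(name, None)}
    except (OSError, UnicodeError):
        return set()

def fcrdns(ip, ptr=system_ptr, forward=system_forward):
    """Double lookup: IP -> name -> addresses. Returns (verdict, name)."""
    name = ptr(ip)
    if not name:
        return ("no-ptr", None)
    name = name.rstrip(".").lower()
    addrs = {ipaddress.ip_address(a) for a in forward(name)}
    if not addrs:
        return ("forward-failed", name)   # the case in the quoted sshd log
    if ipaddress.ip_address(ip) in addrs:
        return ("match", name)
    return ("mismatch", name)             # name exists but points elsewhere

# Constructed tables mirroring the host(1) output in the message:
# the PTR exists, the forward lookup of that name is NXDOMAIN.
SAMPLE_PTR = {"64.236.243.16": "h-64-236-243-16.twi.com."}
SAMPLE_A = {}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip)

def sample_forward(name):
    return set(SAMPLE_A.get(name, ()))

if __name__ == "__main__":
    # With no arguments, run against the constructed tables (no network).
    if len(sys.argv) == 1:
        print("64.236.243.16", fcrdns("64.236.243.16", sample_ptr, sample_forward))
    for ip in sys.argv[1:]:
        print(ip, fcrdns(ip))
```

Run with one or more IP addresses as arguments to check them against the live system resolver.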