Possible break-in attempt?
Patrick Proniewski
patpro at patpro.net
Wed Jul 18 20:58:38 UTC 2018
On 18 Jul. 2018, at 22:25, Grzegorz Junka <list1 at gjunka.com> wrote:
>
> I am interested what security precaution FreeBSD is trying to do here. Is the sshd server receiving an ssh login request from an IP, that can't be resolved back to a domain in the reverse DNS (PTR) record for that IP?
This is quite usual with some ISPs:
$ host 62.254.132.162
162.132.254.62.in-addr.arpa domain name pointer 162.132-254-62.static.virginmediabusiness.co.uk.
$ host 162.132-254-62.static.virginmediabusiness.co.uk
Host 162.132-254-62.static.virginmediabusiness.co.uk not found: 3(NXDOMAIN)
It's not a feature of FreeBSD, it's a feature of OpenSSH.
From man sshd_config:
     UseDNS  Specifies whether sshd(8) should look up the remote host name,
             and to check that the resolved host name for the remote IP
             address maps back to the very same IP address.

             If this option is set to “no”, then only addresses and not host
             names may be used in ~/.ssh/known_hosts from and sshd_config
             Match Host directives.  The default is “yes”.
Patrick
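
The round trip that the UseDNS text above describes (PTR lookup, then a forward lookup of the returned name, then a comparison with the connecting address), as an added example that is not part of the original message and is not OpenSSH's code. The function names, status labels and the 192.0.2.x / 198.51.100.x / 203.0.113.x entries are assumptions constructed for illustration; the first sample entry mirrors the host output quoted above.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup through the system resolver; returns a name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror and socket.gaierror derive from OSError
        return None

def system_forward(name):
    """A/AAAA lookup through the system resolver; returns a set of addresses."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_reverse_mapping(ip, reverse=system_reverse, forward=system_forward):
    """Return (status, name) for the address -> PTR name -> address round trip."""
    addr = ipaddress.ip_address(ip)
    name = reverse(ip)
    if name is None:
        return ("no-ptr", None)
    name = name.rstrip(".").lower()
    # Compare parsed addresses, not strings; drop any IPv6 scope suffix.
    resolved = {ipaddress.ip_address(a.split("%")[0]) for a in forward(name)}
    if not resolved:
        return ("forward-failed", name)   # PTR exists, name does not resolve
    if addr not in resolved:
        return ("mismatch", name)         # PTR claims a name owned by someone else
    return ("ok", name)

# Constructed resolver data so the example runs offline.
SAMPLE_PTR = {
    "62.254.132.162": "162.132-254-62.static.virginmediabusiness.co.uk.",
    "192.0.2.10": "mail.example.net.",
    "192.0.2.66": "trusted.example.net.",   # PTR set by the owner of 192.0.2.66
}
SAMPLE_A = {
    "mail.example.net": {"192.0.2.10"},
    "trusted.example.net": {"198.51.100.5"},
}

def sample_forward(name):
    return SAMPLE_A.get(name, set())

if __name__ == "__main__":
    for ip in list(SAMPLE_PTR) + ["203.0.113.9"]:
        print(ip, check_reverse_mapping(ip, SAMPLE_PTR.get, sample_forward))
```

The "mismatch" case is why a PTR name alone cannot be used for host-name-based access rules: the PTR record is controlled by whoever holds the address block, not by the owner of the name it returns.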