I'm logging into a remote server and on the remote end I see this in the logs:

2011-08-11 10:20:34.701069500 auth.info: sshd[20129]: Address 71.37.181.185 maps to heinlein.openvistas.net, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

That is incorrect, though.

jross@heinlein:/home/jross $ dig -x 71.37.181.185

; <<>> DiG 9.4.2-P2 <<>> -x 71.37.181.185
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64370
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;185.181.37.71.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
185.181.37.71.in-addr.arpa. 86382 IN    PTR     heinlein.openvistas.net.

;; Query time: 2 msec
;; SERVER: 172.16.0.1#53(172.16.0.1)
;; WHEN: Thu Aug 11 10:26:50 2011
;; MSG SIZE  rcvd: 81

On the remote server, I get the same output from dig.

jross@varley:/etc/dovecot $ dig -x 71.37.181.185

; <<>> DiG 9.4.2-P2 <<>> -x 71.37.181.185
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34460
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;185.181.37.71.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
185.181.37.71.in-addr.arpa. 8744 IN     PTR     heinlein.openvistas.net.

;; Query time: 10 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 11 10:31:49 2011
;; MSG SIZE  rcvd: 81


On the remote end sshd is set to UseDNS (not changed from default). Any ideas on why this is failing?

Jeff
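
The sshd message describes a two-step check: the PTR name for the client address must itself resolve back to that address, and `dig -x` exercises only the first step. The following is an added example (not part of the original post, and not sshd's code) of that forward-confirmed reverse lookup; the function names and the sample records are constructed for illustration.

```python
import ipaddress
import socket

def system_reverse(addr):
    """PTR lookup via the system resolver; hostname or None."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return None

def system_forward(name):
    """A/AAAA lookup via the system resolver; list of address strings."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns_check(addr, reverse=system_reverse, forward=system_forward):
    """Return (status, ptr_name, forward_addrs); status is one of
    'ok', 'no-ptr', 'no-forward', 'mismatch'."""
    want = ipaddress.ip_address(addr)
    name = reverse(addr)
    if not name:
        return "no-ptr", None, []
    name = name.rstrip(".").lower()
    addrs = forward(name)
    if not addrs:
        return "no-forward", name, []
    # Compare parsed addresses, not strings; drop any IPv6 zone suffix.
    parsed = {ipaddress.ip_address(a.split("%")[0]) for a in addrs}
    return ("ok" if want in parsed else "mismatch"), name, sorted(addrs)

# Constructed sample records (documentation address ranges), not real DNS data.
SAMPLE_PTR = {
    "192.0.2.10": "client.example.net.",   # forward record matches
    "192.0.2.20": "roamer.example.net.",   # forward record points elsewhere
    "192.0.2.30": "gone.example.net.",     # no forward record at all
}
SAMPLE_A = {
    "client.example.net": ["192.0.2.10"],
    "roamer.example.net": ["198.51.100.7"],
}

def sample_check(addr):
    """Run the check against the constructed records above, offline."""
    return fcrdns_check(addr, SAMPLE_PTR.get, lambda n: SAMPLE_A.get(n, []))

if __name__ == "__main__":
    for ip in list(SAMPLE_PTR) + ["192.0.2.99"]:
        print(ip, *sample_check(ip))
```

Calling `fcrdns_check(addr)` with its default resolvers on the host running sshd goes through that host's system resolver, so both lookups are answered from the server's point of view.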