On 08/11/11 10:53, Peter J. Philipp wrote:
On Thu, Aug 11, 2011 at 10:35:16AM -0600, Jeff Ross wrote:
I'm logging into a remote server and on the remote end I see this in the
logs:
2011-08-11 10:20:34.701069500 auth.info: sshd[20129]: Address
71.37.181.185 maps to heinlein.openvistas.net, but this does not map
back to the address - POSSIBLE BREAK-IN ATTEMPT!
That is incorrect, though.
...
On the remote end sshd is set to UseDNS (not changed from default). Any
ideas on why this is failing?
Jeff
Is the DNS server, that the remote server is using, trustable? If it lies
answers ie. gives different answers of heinlein lookups, (perhaps in order
to snarf up jobs that contact heinlein from the remote server). I hate to
say this but DNS is not that trustable unless DNSSEC is used because it
verifies an answer, which I believe is not done in the resolver.
Your error message does not make sense if plain DNS were trustable. But it's
not.
-peter
Yes, that was it. I'd changed the name of the remote server in
/etc/myname but left it in /etc/hosts and the order is lookup file bind.
Thanks!
Jeff
