Reverse Mapping Checking - Possible Break-in Attem

3570阅读 0评论2010-09-29 greendays
分类:LINUX

When you connect to a host using SSH or SFTP it does a series of checks to ensure you are connecting to the host you are expecting to connect to. One of these is a reverse lookup on the IP address to check the hostname is the same as the hostname you are connecting to. If it's not, you'll get an error message like "reverse mapping checking getaddrinfo for ... POSSIBLE BREAK-IN ATTEMPT!". The post looks at a solution to this message.

Reverse DNS not set up

Connecting from the command line, you might enter something like this:

1ssh my.example.com

and get some output like this:

1Connecting to my.example.com...
2reverse mapping checking getaddrinfo for 192-168-1-243.foo.bar.net failed - POSSIBLE BREAK-IN ATTEMPT!
3chris@my.example.com's password:

What this is telling us is that although we are connecting to my.example.com the IP address of the server we are connecting to actually maps back to 192-168-1-243.foo.bar.net in this example. When this actually happened to me, it's because the reverse DNS had not been set up for the server (which would map e.g. 192.168.1.243 to my.example.com as well as vice versa).

Hosts file solution

Because I knew this reverse mapping was OK, I can add an entry to my hosts file and it will stop the error message from happening. For the above example, I would add the following to my hosts file:

1192.168.1.243  my.example.com

Now when I log in using SSH from the command line I won't get that error message any more. 

PT

上一篇:cu 2010年系统架构师大会 参与心得
下一篇:CentOS+Cacti安装配置