Linux - Security
I've checked the auth.log of my Debian 3.0 system.
There is a record about the sshd.
Apr 15 10:01:07 firewall sshd[3773]: Could not reverse map address 10.100.128.251.
Apr 15 10:01:09 firewall sshd[3773]: Accepted password for pig from 10.100.128.251 port 1037 ssh2
I understand the second statement. That means the user pig logged in successfully.
About the first statement, is it a problem or normal?
How can I fix it?
This is just the optional reverse DNS lookup the sshd can perform. This acts as an added security feature against spoofing by checking whether the hostname and IP address agree according to the DNS record. However, the 10.0.0.0/8 IPs are an IANA reserved block for private use and so the DNS record won't match the local hostname. There isn't anything wrong with that, it's just how it works. You can actually disable the reverse DNS lookup if you like by uncommenting the useDNS option in the sshd_config file and setting it to 'No'.
--Just saw your reply---
VerifyReverseMapping has been deprecated and replaced with the useDNS option, at least in newer versions of sshd. If you are using an older version, the VerifyReverseMapping option may still work. You can try using one or the other, just make sure to restart sshd after making changes so that it re-reads the config.
Apr 15 08:27:25 firewall sshd[3709]: Could not reverse map address 211.157.108.19.
Apr 15 09:46:33 firewall sshd[3756]: Could not reverse map address 61.129.49.27.
The IP address is not in the reserved block. Is it normal?
Not 100% sure, but I believe these come from hosts behind a NAT firewall. I see them fairly regularly too. I think it's unlikely that these are spoofed, as it's not trivial to spoof an ssh session and do anything meaningful.
Second, I cannot find the field "useDNS" or any other options about "DNS".
I am using the Debian 3.0 kernel 2.4. Does that make a difference?
It would depend more on your ssh version. If you don't see the useDNS option, but you do have the VerifyReverseMapping option, try using that first. Make sure to uncomment it and restart the ssh daemon after making any changes. It might also be informative if you start sshd with the -ddd option. If it doesn't work, try the useDNS option (just edit the config and put it in there). At the very worst, sshd will barf and you'll have to re-edit the config. If you're doing this remotely over an ssh session, then it's probably not a good idea as you'll lock yourself out (trust me, I've done it enough times to know better by now).
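As an added example, not part of any post in this thread: a Python sketch that triages the log lines discussed above, pairing each "Could not reverse map address" message with a later "Accepted" line from the same sshd PID and marking whether the address falls in a private range. It assumes the auth.log format matches the lines quoted in the thread; the sample input is constructed from those lines, and the function and field names are illustrative.

```python
import ipaddress
import re

# Constructed sample: the auth.log lines quoted in the thread, in time order.
SAMPLE_LOG = """\
Apr 15 08:27:25 firewall sshd[3709]: Could not reverse map address 211.157.108.19.
Apr 15 09:46:33 firewall sshd[3756]: Could not reverse map address 61.129.49.27.
Apr 15 10:01:07 firewall sshd[3773]: Could not reverse map address 10.100.128.251.
Apr 15 10:01:09 firewall sshd[3773]: Accepted password for pig from 10.100.128.251 port 1037 ssh2
"""

# sshd ends the message with a full stop, so strip one trailing dot from the address.
NO_PTR = re.compile(r"sshd\[(\d+)\]: Could not reverse map address (\S+?)\.?$")
ACCEPTED = re.compile(r"sshd\[(\d+)\]: Accepted (\S+) for (\S+) from (\S+) port \d+")


def triage(log_text):
    """Return one record per connection whose address had no reverse mapping."""
    records = []
    latest_by_pid = {}  # PIDs get reused, so track only the newest record per PID
    for line in log_text.splitlines():
        m = NO_PTR.search(line)
        if m:
            pid, addr = m.groups()
            try:
                private = ipaddress.ip_address(addr).is_private
            except ValueError:
                continue  # not an IP literal; skip rather than guess
            rec = {"addr": addr, "private": private, "user": None}
            records.append(rec)
            latest_by_pid[pid] = rec
            continue
        m = ACCEPTED.search(line)
        if m:
            rec = latest_by_pid.get(m.group(1))
            # Same sshd child and same source address: the login succeeded.
            if rec is not None and rec["addr"] == m.group(4):
                rec["user"] = m.group(3)
    return records


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        scope = "private range" if rec["private"] else "public address"
        outcome = f"login as {rec['user']}" if rec["user"] else "no accepted login"
        print(f"{rec['addr']:<16} {scope:<15} {outcome}")
```

Public addresses with no reverse mapping and no accepted login are the entries worth reviewing alongside the rest of auth.log; private-range entries are expected to lack a PTR record unless local DNS provides one.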