Date: Wed, 18 Jul 2018 22:58:35 +0200
From: Patrick Proniewski <patpro@patpro.net>
To: Grzegorz Junka <list1@gjunka.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Possible break-in attempt?
Message-ID: <4DFA0BF5-1CF0-4100-9743-E011E5097B7E@patpro.net>
In-Reply-To: <fd0ab13d-0dda-fa5d-a867-533720d9f47f@gjunka.com>
References: <594ba84b-0691-8471-4bd4-076d0ae3da98@gjunka.com> <368EABCF-A10A-49E9-9473-7753F6BEAA50@patpro.net> <fd0ab13d-0dda-fa5d-a867-533720d9f47f@gjunka.com>

On 18 juil. 2018, at 22:25, Grzegorz Junka <list1@gjunka.com> wrote:
>
> I am interested what security precaution FreeBSD is trying to do here. Is the sshd server receiving an ssh login request from an IP, that can't be resolved back to a domain in the reverse DNS (PTR) record for that IP?
this is quite usual with some ISPs:
$ host 62.254.132.162
162.132.254.62.in-addr.arpa domain name pointer 162.132-254-62.static.virginmediabusiness.co.uk.
$ host 162.132-254-62.static.virginmediabusiness.co.uk
Host 162.132-254-62.static.virginmediabusiness.co.uk not found: 3(NXDOMAIN)
it's not a feature of FreeBSD, it's a feature of OpenSSH.
From man sshd_config:
     UseDNS  Specifies whether sshd(8) should look up the remote host name,
             and to check that the resolved host name for the remote IP
             address maps back to the very same IP address.

             If this option is set to “no”, then only addresses and not host
             names may be used in ~/.ssh/known_hosts from and sshd_config
             Match Host directives.  The default is “yes”.

Patrick
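
The check that the quoted UseDNS text describes (look up the name for the client address, then confirm that name maps back to the same address) is sketched below as an added example; it is not part of the original message and is not OpenSSH's code. The function names, verdict strings and the example.org/example.net records are assumptions made for illustration; the first PTR record mirrors the `host` output quoted in the message.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup through the system resolver; returns a host name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """A/AAAA lookup through the system resolver; returns address strings."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def check_fcrdns(ip, reverse=system_reverse, forward=system_forward):
    """Return (verdict, name) for a forward-confirmed reverse DNS check."""
    addr = ipaddress.ip_address(ip)
    name = reverse(ip)
    if not name:
        return ("no-ptr", None)
    name = name.rstrip(".").lower()
    resolved = set()
    for a in forward(name):
        try:
            resolved.add(ipaddress.ip_address(a.split("%")[0]))  # drop IPv6 scope id
        except ValueError:
            continue  # ignore anything that is not an address
    if not resolved:
        return ("ptr-does-not-resolve", name)  # the case in the host output above
    if addr not in resolved:
        return ("mismatch", name)  # the PTR names a host that resolves elsewhere
    return ("confirmed", name)

# Constructed resolver data; the first PTR entry mirrors the quoted host output.
PTR = {
    "62.254.132.162": "162.132-254-62.static.virginmediabusiness.co.uk.",
    "192.0.2.10": "mail.example.org.",
    "192.0.2.20": "www.example.net.",
}
A = {"mail.example.org": ["192.0.2.10"], "www.example.net": ["198.51.100.7"]}

def demo(ip):
    """Run the check against the constructed records instead of live DNS."""
    return check_fcrdns(ip, PTR.get, lambda n: A.get(n, []))
```

Calling `check_fcrdns(ip)` without the extra arguments uses the system resolver, which is useful for seeing which addresses in an auth log fail only because the ISP never published a forward record.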
