The following log entries appear in /var/log/messages:
Aug 31 13:45:21 loopback sshd[2293]: Accepted publickey for oracle from 192.168.51.2 port 47823 ssh2
Aug 31 13:46:01 loopback sshd[2458]: Accepted publickey for oracle from 192.168.51.2 port 47829 ssh2
Aug 31 13:46:01 loopback sshd[2485]: Accepted publickey for oracle from 192.168.51.2 port 47830 ssh2
Aug 31 13:47:01 loopback sshd[2740]: Accepted publickey for oracle from 192.168.51.2 port 47841 ssh2
Aug 31 13:47:01 loopback sshd[2770]: Accepted publickey for root from 192.168.30.200 port 31700 ssh2
Aug 31 13:47:02 loopback sshd[2772]: Accepted publickey for oracle from 192.168.51.2 port 47842 ssh2
Aug 31 13:47:10 loopback sshd[2840]: reverse mapping checking getaddrinfo for mydns.dns.com [192.168.13.164] failed - POSSIBLE BREAK-IN ATTEMPT!
Aug 31 13:47:10 loopback sshd[2840]: Accepted publickey for nagios from 192.168.13.164 port 44965 ssh2
Aug 31 13:47:10 loopback sshd[2866]: reverse mapping checking getaddrinfo for mydns.dns.com [192.168.13.164] failed - POSSIBLE BREAK-IN ATTEMPT!
Aug 31 13:47:10 loopback sshd[2866]: Accepted publickey for nagios from 192.168.13.164 port 44969 ssh2
Aug 31 13:47:10 loopback sshd[2892]: reverse mapping checking getaddrinfo for mydns.dns.com [192.168.13.164] failed - POSSIBLE BREAK-IN ATTEMPT!
Aug 31 13:47:10 loopback sshd[2892]: Accepted publickey for nagios from 192.168.13.164 port 44972 ssh2
Aug 31 13:47:10 loopback sshd[2918]: reverse mapping checking getaddrinfo for mydns.dns.com [192.168.13.164] failed - POSSIBLE BREAK-IN ATTEMPT!
Aug 31 13:47:10 loopback sshd[2918]: Accepted publickey for nagios from 192.168.13.164 port 44975 ssh2
Aug 31 13:47:11 loopback sshd[2947]: reverse mapping checking getaddrinfo for mydns.dns.com [192.168.13.164] failed - POSSIBLE BREAK-IN ATTEMPT!
Aug 31 13:47:11 loopback sshd[2947]: Accepted publickey for nagios from 192.168.13.164 port 44978 ssh2
Aug 31 13:48:02 loopback sshd[3129]: Accepted publickey for oracle from 192.168.51.2 port 25573 ssh2
Aug 31 13:48:02 loopback sshd[3159]: Accepted publickey for oracle from 192.168.51.2 port 25574 ssh2
Aug 31 13:49:02 loopback sshd[3370]: Accepted publickey for oracle from 192.168.51.2 port 25585 ssh2
Aug 31 13:49:02 loopback sshd[3400]: Accepted publickey for oracle from 192.168.51.2 port 25586 ssh2
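The "reverse mapping checking getaddrinfo for xxxx POSSIBLE BREAK-IN ATTEMPT!" message is logged because sshd is configured to use DNS: when it performs the reverse lookup for the connecting address, the DNS server has no record for that hostname.
To stop sshd from using DNS, edit /etc/ssh/sshd_config and set UseDNS to no: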
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
If the DNS server is slow and DNS lookups have not been disabled, SSH logins will also be slow.
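Before silencing the warning, it helps to confirm that every warned connection belongs to a known host with a missing DNS record, as with the nagios logins in the log above. The following is an added example, not part of the original post: it joins each reverse-mapping warning to the login accepted by the same sshd PID and counts warned connections that never authenticated. The function name `triage` and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same syslog format as the excerpt above
# (addresses and names are documentation values, not taken from the page).
SAMPLE = """\
Aug 31 13:47:01 host sshd[2770]: Accepted publickey for root from 198.51.100.7 port 31700 ssh2
Aug 31 13:47:10 host sshd[2840]: reverse mapping checking getaddrinfo for mon.example.com [192.0.2.10] failed - POSSIBLE BREAK-IN ATTEMPT!
Aug 31 13:47:10 host sshd[2840]: Accepted publickey for nagios from 192.0.2.10 port 44965 ssh2
Aug 31 13:47:12 host sshd[2901]: reverse mapping checking getaddrinfo for x.example.net [203.0.113.5] failed - POSSIBLE BREAK-IN ATTEMPT!
"""

WARN = re.compile(r"sshd\[(\d+)\]: reverse mapping checking getaddrinfo for "
                  r"(\S+) \[([0-9a-fA-F.:]+)\] failed")
ACCEPT = re.compile(r"sshd\[(\d+)\]: Accepted (\S+) for (\S+) from (\S+) port \d+")

def triage(log_text):
    """Group reverse-mapping warnings by source IP and join each one, via the
    sshd PID, to the login (if any) that the same connection completed."""
    warned = {}      # pid -> (ip, PTR name reported in the warning)
    accepted = {}    # pid -> (user, auth method)
    for line in log_text.splitlines():
        if m := WARN.search(line):
            warned[m.group(1)] = (m.group(3), m.group(2))
        elif m := ACCEPT.search(line):
            accepted[m.group(1)] = (m.group(3), m.group(2))
    report = defaultdict(lambda: {"ptr": set(), "warnings": 0,
                                  "logins": set(), "no_login": 0})
    for pid, (ip, ptr) in warned.items():
        entry = report[ip]
        entry["ptr"].add(ptr)
        entry["warnings"] += 1
        if pid in accepted:
            entry["logins"].add(accepted[pid])
        else:
            entry["no_login"] += 1   # warned connection that never authenticated
    return dict(report)

if __name__ == "__main__":
    for ip, e in sorted(triage(SAMPLE).items()):
        print(ip, sorted(e["ptr"]), "warnings:", e["warnings"],
              "logins:", sorted(e["logins"]), "no login:", e["no_login"])
```

The join is keyed on the sshd PID alone, so run it over a bounded time window; across long logs a recycled PID could pair a warning with an unrelated login.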