Chinaunix首页 | 论坛 | 博客
  • 博客访问: 2079150
  • 博文数量: 470
  • 博客积分: 10206
  • 博客等级: 上将
  • 技术积分: 5620
  • 用 户 组: 普通用户
  • 注册时间: 2008-07-03 12:50
文章分类

全部博文(470)

文章存档

2012年(1)

2011年(18)

2010年(47)

2009年(404)

分类: LINUX

2010-09-29 20:55:18

When you connect to a host using SSH or SFTP it does a series of checks to ensure you are connecting to the host you are expecting to connect to. One of these is a reverse lookup on the IP address to check the hostname is the same as the hostname you are connecting to. If it's not, you'll get an error message like "reverse mapping checking getaddrinfo for ... POSSIBLE BREAK-IN ATTEMPT!". The post looks at a solution to this message.

Reverse DNS not set up

Connecting from the command line, you might enter something like this:

1ssh my.example.com

and get some output like this:

1Connecting to my.example.com...
2reverse mapping checking getaddrinfo for 192-168-1-243.foo.bar.net failed - POSSIBLE BREAK-IN ATTEMPT!
3chris@my.example.com's password:

What this is telling us is that although we are connecting to my.example.com the IP address of the server we are connecting to actually maps back to 192-168-1-243.foo.bar.net in this example. When this actually happened to me, it's because the reverse DNS had not been set up for the server (which would map e.g. 192.168.1.243 to my.example.com as well as vice versa).

Hosts file solution

Because I knew this reverse mapping was OK, I can add an entry to my hosts file and it will stop the error message from happening. For the above example, I would add the following to my hosts file:

1192.168.1.243  my.example.com

Now when I log in using SSH from the command line I won't get that error message any more. 

PT

阅读(3572) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~