- Red Hat Enterprise Linux (All Releases)
- SSH client
sshdSecure Shell Daemon
reverse mapping checking getaddrinfoand
POSSIBLE BREAK-IN ATTEMPTerror messages via SSH
- SSH from client to server produces the following results:
$ ssh hostname reverse mapping checking getaddrinfo for client.example.com [10.0.0.1] failed - POSSIBLE BREAK-IN ATTEMPT! username@hostname password:
There are several ways to resolve this issue:
- Setup a Reverse DNS Record (aka PTR Record) for the SSH client.
GSSAPIAuthentication noare set in
/etc/ssh/sshd_configon the SSH server, then restart the sshd.
- Confirm that
/etc/hostson the SSH server has an entry for the SSH client IP address and hostname.
- There is (most likely) no "attack" occurring when this message is displayed.
- The SSH client's Reverse DNS (PTR) Record does not match the hostname which the client uses to identify itself.
- This may be because there is no Reverse DNS Record, or the Reverse DNS record is different.
- These messages are common, especially for public internet connections where the SSH client does not have any control over its Reverse DNS Record.
- If the SSH server's
/etc/hostsfile contains a different IP address or hostname for the SSH client, this difference in lookup can occur in the SSHD without any external DNS query. The order of lookup depends on the
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.