SSH Reverse Lookup Errors

Michael Williams_6
Trusted Contributor

Hi all,

I've just upgraded a system from SLES8 to SLES9 and I'm getting strange SSH behaviour I did not get before.

When I log in on SSH, I get a painfully slow pause between entering my username/password (or SSH key). And I get the following error message in my messages file:

Aug 23 09:41:58 alchnfs1 sshd[24643]: fatal: Timeout before authentication for ::ffff:10.1.101.1
Aug 23 09:47:45 alchnfs1 sshd[24942]: reverse mapping checking getaddrinfo for ad-lac8345.alchemetrics.local failed - POSSIBLE BREAKIN ATTEMPT!

However, when I try to reverse map that same address on the command line, it works fine:

alchnfs1:/var/log # nslookup
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
> ad-lac8345.alchemetrics.local
Server: 10.1.8.1
Address: 10.1.8.1#53

Name: ad-lac8345.alchemetrics.local
Address: 10.1.101.1
> 10.1.101.1
Server: 10.1.8.1
Address: 10.1.8.1#53

1.101.1.10.in-addr.arpa name = ad-lac8345.alchemetrics.local.

Does anyone have any ideas where the problem is? I've tried modifying sshd_config to ignore reverse mapping, but it looks like this has been deprecated :-(
Steven E. Protter
Exalted Contributor

Re: SSH Reverse Lookup Errors

When you upgrade your OS, the RSA signatures are no longer valid. This probably has nothing to do with your reverse lookup.

You need to delete the old entries in the $HOME/.ssh/known_hosts file for the machines you are connecting to.

The inconsistent DNS behavior is something that should be looked at as far as the DNS records, but is not the cause of the error message.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Michael Williams_6
Trusted Contributor

Re: SSH Reverse Lookup Errors

Sorry - upgrade is misleading; these were freshly built machines, with a plan to upgrade our other hosts..!

I am also connecting using PuTTY from a Windows host, and there are no keys saved, but this behaviour also happens from our SLES8 hosts...

M
Gopi Sekar
Honored Contributor

Re: SSH Reverse Lookup Errors


Check the routing and network configurations on the new SLES 9 servers. This might occur if the routing information is bad (non-existent route) or the DNS configuration is wrong.

I believe there is one variable in /proc which can be enabled/disabled to instruct the kernel to reverse name look up all the IP addresses. Try to disable reverse name lookup.

Regards,
Gopi
Never Never Never Giveup
Gopi Sekar
Honored Contributor

Re: SSH Reverse Lookup Errors


Check in your /etc/sysctl.conf file for this key:
net.ipv4.conf.default.rp_filter = 1

If it is set to one, try setting it to zero, then reload sysctl with 'sysctl -p'.

The above value will disable source route verification which I believe does the reverse mapping.

Word of warning: you are touching the proc file system and this change is permanent (it will persist even after a reboot), so be ready to revert it to the old state if this does not solve your problem.

Hope this helps,
Gopi
Never Never Never Giveup
Michael Williams_6
Trusted Contributor

Re: SSH Reverse Lookup Errors

Thanks Gopi - but that is set to 0 already :-(
Ivan Ferreira
Honored Contributor
Solution

Re: SSH Reverse Lookup Errors

Try editing the /etc/sshd/sshd_config file and set:

UseDNS no

Default is yes. Restart the service:

service sshd reload

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
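
Added example, not part of the thread: the forward-confirmed reverse lookup that sshd performs when UseDNS is yes, reproduced in Python through the system resolver (getnameinfo/getaddrinfo) rather than by querying the DNS server directly as nslookup does. The function names and status strings are this example's own, and the resolvers can be swapped out so each failure mode can be exercised offline.

```python
import ipaddress
import socket


def normalise(ip):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def system_reverse(ip):
    # NI_NAMEREQD makes the call fail instead of echoing the numeric address.
    return socket.getnameinfo((ip, 0), socket.NI_NAMEREQD)[0]


def system_forward(name):
    infos = socket.getaddrinfo(name, None, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def check_reverse_mapping(ip, reverse=system_reverse, forward=system_forward):
    """Return (status, name); status is ok, no-ptr, forward-failed or mismatch."""
    addr = normalise(ip)
    try:
        name = reverse(str(addr))
    except OSError:  # socket.gaierror and socket.herror are OSError subclasses
        return ("no-ptr", None)
    try:
        forward_addrs = {normalise(a) for a in forward(name)}
    except OSError:
        # The case behind "reverse mapping checking getaddrinfo for <name> failed"
        return ("forward-failed", name)
    if addr in forward_addrs:
        return ("ok", name)
    return ("mismatch", name)


if __name__ == "__main__":
    import sys
    for ip in sys.argv[1:]:
        print(ip, check_reverse_mapping(ip))
```

Run on the SSH server with the client address as argument, a result other than ok while nslookup succeeds points at the host's resolver configuration rather than at the DNS records.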
Michael Williams_6
Trusted Contributor

Re: SSH Reverse Lookup Errors

Ivan, you are a saint - that's the puppy!
Michael Williams_6
Trusted Contributor

Re: SSH Reverse Lookup Errors

All working as expected now!