Re: [bitfolk] Reverse Mapping Checking Failed In auth.log

Author: Samuel Bächler
Date:  
To: users
Subject: Re: [bitfolk] Reverse Mapping Checking Failed In auth.log
Thank you, Andy.

2013/4/8 Andy Smith <andy@???>

> Hi Sam,
>
> On Mon, Apr 08, 2013 at 12:22:27PM +0200, Samuel Bächler wrote:
> > Apr 2 00:59:34 hermann sshd[20368]: reverse mapping checking getaddrinfo for isjhr-nxt.eduhr.ro [193.231.42.110] failed - POSSIBLE BREAK-IN ATTEMPT!
> > Apr 2 00:59:34 hermann sshd[20368]: Invalid user oracle from 193.231.42.110
> >
> > Is my understanding of these log entries correct? The first line says that
> > someone ssh-ed me from a domain isjhr-nxt.eduhr.ro but this domain does not
> > map to 193.231.42.110.
>
> Not quite. The reverse of 193.231.42.110 is isjhr-nxt.eduhr.ro:
>
>     $ dig +noall +answer -x 193.231.42.110
>     110.42.231.193.in-addr.arpa. 10731 IN   PTR     ISJhr-nxt.eduhr.ro.
>
> But there is no matching A or AAAA record for ISJhr-nxt.eduhr.ro:
>
>     $ dig +noall +answer -t a ISJhr-nxt.eduhr.ro
>     $ dig +noall +answer -t aaaa ISJhr-nxt.eduhr.ro
>     $
>
> Bear in mind that the two parts of the DNS here are often under the
> control of two different sets of people. For example, as a BitFolk
> customer you can set your reverse DNS to whatever you like, say
> fbi.gov. But since you (probably) have no access to fbi.gov DNS zone
> you cannot add matching A/AAAA records that point to your VPS.
>
> sshd is warning you not to believe the supplied "ISJhr-nxt.eduhr.ro"
> because lacking the matching A/AAAA records it is possible that they
> just made it up in the hope that you have some sort of DNS-based
> access control.
>
> SSH access control doesn't work like that so you don't need to worry
> about that.
>
> > The second line says that this person (program) tried something
> > like "ssh oracle@???".
>
> Yes, and it is an invalid user presumably because that user does not
> exist on your VPS.
>
> > Moreover, I do not have to worry about such entries.
>
> Yes, unless they guess a user name that does exist and that user
> name belongs to someone who may set a weak password.
>
> Cheers,
> Andy
>
> --
> http://bitfolk.com/ -- No-nonsense VPS hosting
>
> > I'd be interested to hear any (even two word) reviews of their sofas…
> Provides seating.         — Andy Davidson




--
Samuel Bächler
Obere Bläsistrasse 1
8049 Zürich

Web: boeser.ch
Tel: +41(0)43 817 46 28
Mob: +41(0)79 478 49 42
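
Added example, not part of the original thread: the forward-confirmed reverse DNS check Andy walks through with dig, plus a summary of the two auth.log message types quoted above. The function names and the pluggable `ptr`/`forward` resolver parameters are assumptions made for illustration; the sample log is constructed from the two lines in the thread.

```python
import re
import socket
from collections import defaultdict

# Constructed sample: the two auth.log lines quoted in the thread, unwrapped.
SAMPLE_LOG = """\
Apr 2 00:59:34 hermann sshd[20368]: reverse mapping checking getaddrinfo for isjhr-nxt.eduhr.ro [193.231.42.110] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 2 00:59:34 hermann sshd[20368]: Invalid user oracle from 193.231.42.110
"""

REVERSE_FAIL = re.compile(
    r"reverse mapping checking getaddrinfo for (\S+) \[([0-9a-fA-F.:]+)\] failed")
INVALID_USER = re.compile(r"Invalid user (\S+) from ([0-9a-fA-F.:]+)")

def system_ptr(ip):
    """PTR lookup via the system resolver; None if there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def system_forward(name):
    """All A/AAAA addresses for name via the system resolver."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns(ip, ptr=system_ptr, forward=system_forward):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to ip."""
    name = ptr(ip)
    if name is None:
        return ("no-ptr", None)
    # The PTR zone owner can publish any name; only the forward zone confirms it.
    return ("confirmed" if ip in forward(name) else "unconfirmed", name)

def summarize(log_text):
    """Per source IP: unverified PTR names claimed and invalid users tried."""
    report = defaultdict(lambda: {"unverified_names": set(), "invalid_users": set()})
    for line in log_text.splitlines():
        if m := REVERSE_FAIL.search(line):
            report[m.group(2)]["unverified_names"].add(m.group(1).lower())
        elif m := INVALID_USER.search(line):
            report[m.group(2)]["invalid_users"].add(m.group(1))
    return dict(report)
```

Comparing `invalid_users` from `summarize` against the accounts that actually exist on the host shows whether a guessed name ever matched, which is the case Andy flags as the one to worry about.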