Thank you, Andy.

2013/4/8 Andy Smith <andy@bitfolk.com>
Hi Sam,

On Mon, Apr 08, 2013 at 12:22:27PM +0200, Samuel Bächler wrote:
> Apr  2 00:59:34 hermann sshd[20368]: reverse mapping checking getaddrinfo
> for isjhr-nxt.eduhr.ro [193.231.42.110] failed - POSSIBLE BREAK-IN ATTEMPT!
> Apr  2 00:59:34 hermann sshd[20368]: Invalid user oracle from 193.231.42.110
>
> Is my understanding of these log entries correct? The first line says that
> someone ssh-ed me from a domain isjhr-nxt.eduhr.ro but this domain does not
> map to 193.231.42.110.

Not quite. The reverse of 193.231.42.110 is isjhr-nxt.eduhr.ro:

    $ dig +noall +answer -x 193.231.42.110
    110.42.231.193.in-addr.arpa. 10731 IN   PTR     ISJhr-nxt.eduhr.ro.

But there is no matching A or AAAA record for ISJhr-nxt.eduhr.ro:

    $ dig +noall +answer -t a ISJhr-nxt.eduhr.ro
    $ dig +noall +answer -t aaaa ISJhr-nxt.eduhr.ro
    $

Bear in mind that the two parts of the DNS here are often under the
control of two different sets of people. For example, as a BitFolk
customer you can set your reverse DNS to whatever you like, say
fbi.gov. But since you (probably) have no access to fbi.gov DNS zone
you cannot add matching A/AAAA records that point to your VPS.

sshd is warning you not to believe the supplied "ISJhr-nxt.eduhr.ro"
because lacking the matching A/AAAA records it is possible that they
just made it up in the hope that you have some sort of DNS-based
access control.

SSH access control doesn't work like that so you don't need to worry
about that.

> The second line says that this person (program) tried something
> like "ssh oracle@my.vps".

Yes, and it is an invalid user presumably because that user does not
exist on your VPS.

> Moreover, I do not have to worry about such entries.

Yes, unless they guess a user name that does exist and that user
name belongs to someone who may set a weak password.

Cheers,
Andy

--
http://bitfolk.com/ -- No-nonsense VPS hosting

> I'd be interested to hear any (even two word) reviews of their sofas…
Provides seating.         — Andy Davidson

_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users




--
Samuel Bächler
Obere Bläsistrasse 1
8049 Zürich

Web: boeser.ch
Tel:   +41(0)43 817 46 28
Mob: +41(0)79 478 49 42
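
The check behind the sshd warning discussed in this thread, as an added example that is not part of the original messages: take the PTR name an address claims, then confirm that the name resolves back to the same address. The function names and the injectable `rev`/`fwd` resolvers are assumptions of this example; the log line is the one quoted in the thread.

```python
import ipaddress
import re
import socket

# Log line quoted in the thread (joined back onto one line).
SAMPLE = ("Apr  2 00:59:34 hermann sshd[20368]: reverse mapping checking "
          "getaddrinfo for isjhr-nxt.eduhr.ro [193.231.42.110] failed - "
          "POSSIBLE BREAK-IN ATTEMPT!")

WARN_RE = re.compile(r"reverse mapping checking getaddrinfo for (\S+) "
                     r"\[([0-9A-Fa-f.:]+)\] failed")

def parse_warning(line):
    """Return (claimed_name, source_ip) from an sshd warning, else None."""
    m = WARN_RE.search(line)
    return (m.group(1), m.group(2)) if m else None

def ptr_lookup(ip):
    """Reverse (PTR) lookup; None when the address has no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def addr_lookup(name):
    """Forward (A/AAAA) lookup; empty set when the name does not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def _norm(addr):
    # Compare addresses by value, not by spelling; drop any IPv6 zone id.
    return ipaddress.ip_address(addr.split("%")[0])

def check_fcrdns(ip, rev=ptr_lookup, fwd=addr_lookup):
    """Classify an address as 'no-ptr', 'confirmed' or 'unconfirmed'."""
    name = rev(ip)
    if name is None:
        return ("no-ptr", None)
    if _norm(ip) in {_norm(a) for a in fwd(name)}:
        return ("confirmed", name)
    # PTR exists but the name does not point back: the case in the thread.
    return ("unconfirmed", name)

if __name__ == "__main__":
    name, ip = parse_warning(SAMPLE)
    print(ip, "claims", name, "->", check_fcrdns(ip))   # live DNS lookup
```

An "unconfirmed" result means only that the PTR name cannot be trusted as an identity; it says nothing about whether the login attempt itself succeeded.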