Reverse Mapping Checking – Possible Break-in Attempt Error with SSH

When you connect to a host using SSH or SFTP, a series of checks is run to ensure you are connecting to the host you expect. One of these is a reverse lookup on the IP address to check that the hostname it returns is the same as the hostname you are connecting to. If it’s not, you’ll get an error message like “reverse mapping checking getaddrinfo for … POSSIBLE BREAK-IN ATTEMPT!”. This post looks at a solution to this message.

Connecting from the command line, you might enter something like this:

ssh my.example.com

and get some output like this:

Connecting to my.example.com...
reverse mapping checking getaddrinfo for 192-168-1-243.foo.bar.net failed - POSSIBLE BREAK-IN ATTEMPT!
chris@my.example.com's password:

What this is telling us is that although we are connecting to my.example.com, the IP address of the server we are connecting to actually maps back to 192-168-1-243.foo.bar.net in this example. When this actually happened to me, it was because the reverse DNS had not been set up for the server (which would map e.g. 192.168.1.243 to my.example.com as well as vice versa).

Because I knew this reverse mapping was OK, I could add an entry to my hosts file to stop the error message from appearing. For the above example, I would add the following to my hosts file:

192.168.1.243  my.example.com

Now when I log in using SSH from the command line I won’t get that error message any more.
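
The check described above, as an added example that is not from the original post: a forward-confirmed reverse DNS check in Python, run against constructed records that mirror the post's addresses. The function names, status strings and the ok.example.com record are assumptions made for illustration.

```python
import socket

def system_reverse(ip):
    """Reverse (PTR) lookup via the system resolver; None if no name is found."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward lookup via the system resolver; empty set if the name fails."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_reverse_mapping(ip, reverse=system_reverse, forward=system_forward):
    """Return (status, name): does the name the IP maps to map back to the IP?"""
    name = reverse(ip)
    if name is None:
        return ("no-ptr", None)
    name = name.rstrip(".").lower()
    addrs = forward(name)
    if not addrs:
        # The case in the post: the reverse name itself does not resolve.
        return ("ptr-name-unresolvable", name)
    if ip not in addrs:
        return ("ptr-name-maps-elsewhere", name)
    return ("ok", name)

# Constructed records mirroring the post's example (not real DNS data).
PTR = {"192.168.1.243": "192-168-1-243.foo.bar.net", "192.168.1.10": "ok.example.com."}
A = {"my.example.com": {"192.168.1.243"}, "ok.example.com": {"192.168.1.10"}}

def demo(ip, ptr=PTR, a=A):
    """Run the check against the constructed tables instead of live DNS."""
    return check_reverse_mapping(ip, ptr.get, lambda n: a.get(n, set()))

if __name__ == "__main__":
    for ip in ("192.168.1.243", "192.168.1.10", "192.168.1.99"):
        print(ip, demo(ip))
    # Models the hosts-file entry from the post: the reverse lookup now
    # returns my.example.com, which maps back to the same address.
    fixed = {**PTR, "192.168.1.243": "my.example.com"}
    print("with hosts entry:", demo("192.168.1.243", ptr=fixed))
```

Calling `check_reverse_mapping("192.168.1.243")` with no other arguments uses the system resolver, so it reflects the hosts file as well as DNS.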
