openssh-3.7.1p2 "Nasty PTR record"

From: Graham Vincent (graham_at_gpv.co.nz)
Date: 09/26/03 

Date: Fri, 26 Sep 2003 10:52:16 +1200

Hello.

I've just upgraded openssh on my server from 3.6.1p1 to 3.7.1.p1
and now to 3.7.1.p2

When I ssh into the box it is generating the following message in
/var/log/secure:

Sep 26 09:44:23 starship sshd[24746]: Accepted password for fred
from 192.168.1.5 port 32772 ssh2
Sep 26 09:44:23 starship sshd[24746]: Nasty PTR record
"ufo.gpv.co.nz" is set up for 192.168.1.5, ignoring

(names and numbers changed due to paranoia).

This seems to be coming from the canohost.c file in the ssh source
and hasn't occurred with previous versions of ssh on this box.

I'm running bind-9.2.2 (on the same machine) and as far as I can
tell everything is fine with the configuration files. Apart from
the message everything seems to be working OK.

The server started out as a RedHat 6.2 installation but many
changes later it has a 2.2.25 kernel and openssh, bind, sendmail
all built from the source releases.

Any ideas on what is causing the message, whether I should
worry, and how to stop it are welcome.

Regards,

Graham

Relevant Pages

  • openssh-3.7.1p2 "Nasty PTR record"
    ... I've just upgraded openssh on my server from 3.6.1p1 to 3.7.1.p1 ... This seems to be coming from the canohost.c file in the ssh source ...
    (comp.security.ssh)
  • Re: Apache Software Foundation Server compromised, resecured. (fwd)
    ... this was one "result" of the comromised ssh binary at sourceforge. ... a public server of the Apache Software Foundation ... > (ASF) was illegally accessed by unknown crackers. ... > exhaustive audit of all Apache source code and binary distributions ...
    (FreeBSD-Security)
  • Re: FreeBSD Crash without Errors, Warnings, or Panics
    ... I suppose I could run on stable until the driver is fixed in a release branch, but I need this box up and online, and I've always read that the stable branch is not the place for production servers. ... I'm running 6.0-RELEASE-p5 on a Toshiba built server: dual Xeon Intel motherboard with a LSILogic MegaRAID controller. ... Also, some network ports still respond, like a telnet to port 22 to test SSH will yield an SSH banner, but trying to connect with SSH just hangs. ... The box runs a web-based app and connects to a local Postgres DB which seemed to be unable to start new connections being requested by the PHP scripts. ...
    (freebsd-hackers)
  • Re: restrict ssh access
    ... > We have one ssh server which receives about 6000 failed attempts to ... > unsuccessful login attempts per client IP address? ... the remote server is also running OpenSSH. ...
    (comp.security.ssh)
  • Re: SSH as root
    ... Subject: SSH as root ... but it doesn't require having a key on the server that could be ... If they compromise a server, and the passphrase, etc. is there, they only ... private key to anyone. ...
    (SSH)