On Thu, Aug 11, 2011 at 11:18:05AM -0600, Jeff Ross wrote: > >>2011-08-11 10:20:34.701069500 auth.info: sshd[20129]: Address > >>71.37.181.185 maps to heinlein.openvistas.net, but this does not map > >>back to the address - POSSIBLE BREAK-IN ATTEMPT!
<cut> > Yes, that was it. I'd changed the name of the remote server in > /etc/myname but left it in /etc/hosts and the order is lookup file bind. > > Thanks! > > Jeff It would be cool if this OpenSSH message was a bit more verbose to what the forward lookup sees. But it doesn't look as cool as POSSIBLE BREAK-IN ATTEMPT, and likely creates confusion with round-robin addresses. In your case the problem was not debuggable with dns lookups alone because you used a hosts entry. Either way the message, to me, shoots up adrenalin levels with little reasoning behind it. So you got Adrenalin, Confusion or stupid looking error messages, pick two. :-) Cheers, -peter