Hi All,
I use SSH for remote logins to my server(only I(1 person) have
access). However, I tend to login from a variety of places. hence when I do
a "last | less" I can see either the IP address or the Hostname I was
logging in from.
The problem here is that somehow, out (company) DNS servers or something
does not update itself in such a way that it verifies the hostname. eg : 1
ip address can have 2 hostnames. I'm not sure why or how this is possible.
And My company has an ip say 192.168.0.1 block and WAN link has 10.0.0.1
block. In the last output, I see I have logged in from 10.0.0.1 block when,
clearly I have not. I'm sure it's not a big problem as in someone cracked my
server, but being paranoid, can I
1. Reverse DNS lookup?
2. Just state the IP address
3. Have both the IP and DNS name in the syslog?
how about having more verbose levels of Logging. Changing LogLevel to
Debug(sshd_config) doesn't give too much details.
Can I buy a clue here?
Cheers, .^.
Mun Heng, Ow /V\
H/M Engineering /( )\
Western Digital M'sia ^^-^^
DID : 03-7870 5168 The Linux Advocate
--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
