Red Hat Bugzilla – Bug 217925
OpenSSH does not look up IP addresses properly
Last modified: 2007-11-30 17:11:50 EST
Description of problem:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Set up a machine `foo.org' that is also known as `bar.com' (through a
2. on the machine, run "ssh bar.com pwd"
3. look in /var/log/secure
* The log file will have a bogus alert saying:
Address <your-ip> maps to foo.org, but this does not map back to the
address - POSSIBLE BREAK-IN ATTEMPT!
* Not expecting any alerts
This error message comes from `get_remote_hostname' in "canohost.c" in the
openssh source. I traced some of it, and it looks like it gets to do a
lookup for your real name ("foo.org" in the above example), and that returns
"127.0.0.1", which is different from "<your-actual-ip>". You can see that
by printing the values of `ntop' and `ntop2' (before their comparison fails)
and see that the first is your IP address, and the second is "127.0.0.1".
You probably have foo.org in /etc/hosts with the 127.0.0.1 entry.
Otherwise <your-actual-ip> should be returned.
My 127.0.0.1 entry in /etc/hosts looks like this:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 foo foo.org localhost.localdomain localhost
::1 foo foo.org localhost.localdomain localhost
Are you saying that it should *not* have "foo" and "foo.org" in there?
(That does seems to make the alert message go away, but the comment at the
beginning of the hosts file makes me worried. I'm not the one who wrote it.)
It is written by anaconda during install but when you have actual non localhost
IP the foo and foo.org should be removed manually from these lines and another
entries with the actual IP address should be added.
It would be a *very* good idea to make the generated comment
explain all that. Or at least refer to some url where it is
Wouldn't this same problem occur if you had multiple IP addresses on the same
Only if all of them reverse mapped to a single DNS name and that is clearly
Here the problem is that reverse mapping for external IP maps to foo.org but it
resolves to 127.0.0.1 and not the external IP.
Even if you have an IPv4 and IPv6 address reverse to a single DNS name?