Configured the solaris box for reverse lookup either by Bind DNS or via /etc/hosts. I just upgraded from 3.6p2 to 3.7.1p2 and since now my lastlog file is not showing the last login information correctly. The output will be something like : user1 pts/2 ::ffff:192.168.50 Tue Feb 3 10:32 - 11:06 (00:33) The debug information is : Feb 3 13:50:05 xcsluxmgnt sshd[24674]: [ID 800047 auth.info] Accepted publickey for m364363 from ::ffff:192.168.50.242 port 4390 ssh2 Feb 3 13:50:05 xcsluxmgnt sshd[24674]: [ID 800047 auth.info] reverse mapping checking getaddrinfo for wcslux1002 failed - POSSIBLE BREAKIN ATTEMPT! Strange but true it worked previously on all my machines and I discovered it after upgrading several of my test machines.Reverse lookup works fine for telnet and ftp though. The behaviour is identical on solaris 8 as on solaris 9 Regards
Those looks IPv4 to IPv6 mapped addresses. You can try setting "ListenAddress 127.0.0.1" in sshd_config (to force it to listen on IPv4 only) to make or rebuilding after adding "#define BROKEN_GETADDRINFO 1" to config.h and recompiling. I have no idea why it's started doing it now (my Solaris 8 box shows normal IPv4 addresses if I disable DNS). $ last | head -1 dtucker pts/3 192.168.32.1 Wed Feb 4 01:08 still logged in
THanks for the feedback It is indeed a mapped IPV6 address and if I define the ListenAddress the problem is solved. Regards
Mass change of RESOLVED bugs to CLOSED