Bug 800

Summary: reverse lookup solaris
Product: Portable OpenSSH Reporter: Koenm <koen.maris>
Component: sshdAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED    
Severity: minor    
Priority: P2    
Version: -current   
Hardware: UltraSPARC   
OS: Solaris   

Description Koenm 2004-02-03 05:54:26 AEDT 
Configured the solaris box for reverse lookup either by Bind DNS or 
via /etc/hosts. I just upgraded from 3.6p2 to 3.7.1p2 and since now my lastlog 
file is not showing the last login information correctly. The output will be 
something like :
user1       pts/2        ::ffff:192.168.50 Tue Feb  3 10:32 - 11:06  (00:33)

The debug information is :
Feb  3 13:50:05 xcsluxmgnt sshd[24674]: [ID 800047 auth.info] Accepted 
publickey for m364363 from ::ffff:192.168.50.242 port 4390 ssh2
Feb  3 13:50:05 xcsluxmgnt sshd[24674]: [ID 800047 auth.info] reverse mapping 
checking getaddrinfo for wcslux1002 failed - POSSIBLE BREAKIN ATTEMPT!

Strange but true it worked previously on all my machines and I discovered it 
after upgrading several of my test machines.Reverse lookup works fine for 
telnet and ftp though. The behaviour is identical on solaris 8 as on solaris 9

Regards
Comment 1 Darren Tucker 2004-02-03 07:13:32 AEDT 
Those looks IPv4 to IPv6 mapped addresses.  You can try setting "ListenAddress
127.0.0.1" in sshd_config (to force it to listen on IPv4 only) to make or
rebuilding after adding "#define BROKEN_GETADDRINFO 1" to config.h and recompiling.

I have no idea why it's started doing it now (my Solaris 8 box shows normal IPv4
addresses if I disable DNS).
$ last | head -1
dtucker   pts/3        192.168.32.1     Wed Feb  4 01:08   still logged in
Comment 2 Koenm 2004-02-03 08:41:27 AEDT 
THanks for the feedback
It is indeed a mapped IPV6 address and if I define the ListenAddress the 
problem is solved.

Regards
Comment 3 Damien Miller 2004-04-14 12:24:20 AEST 
Mass change of RESOLVED bugs to CLOSED