scp 报错:reverse mapping checking getaddrinfo for......failed - POSSIBLE BREAK-IN ATTEMPT!
今天在使用scp的时候提示如下内容:
reverse mapping checking getaddrinfo for 113.196.56.184.ll.static.sparqnet.net failed - POSSIBLE BREAK-IN ATTEMPT!
上网查询得到如下内容 http://blog.csdn.net/dingxy/archive/2008/05/05/2394900.aspx,好像是跟ip反解析有关,不影响ssh的使用,于是不过多管它。
今天在使用SCP的时候遇到个一个error,如下:
reverse mapping checking getaddrinfo for XXX.XXXX.com failed - POSSIBLE BREAKIN ATTEMPT!^M
我用ssh 连接了一下XXX.XXXX.com,同样的问题
reverse mapping checking getaddrinfo for sXXX.XXXX.com failed - POSSIBLE BREAKIN ATTEMPT!
Last login: Mon May 5 16:50:08 2008 from 192.168.82.128
但是,还是能进入 XXX.XXXX.com。
找到以下解释:
Reverse Mapping Checking - Possible Break-in Attempt Error with SSH
Posted May 2nd, 2008 in Linux/Unix/BSD
When you connect to a host using SSH or SFTP it does a series of checks to ensure you are connecting to the host you are expecting to connect to. One of these is a reverse lookup on the IP address to check the hostname is the same as the hostname you are connecting to. If it's not, you'll get an error message like "reverse mapping checking getaddrinfo for … POSSIBLE BREAK-IN ATTEMPT!". The post looks at a solution to this message.
当使用SSH或SFTP连接某个host时,会有一系列的检查以保证你能够连接到你想连接的机器。其中一项是 “reverse lookup on the IP address”检查机器名称和你要连接的机器名称一致。否则,你会得到这样一个错误信息:"reverse mapping checking getaddrinfo for … POSSIBLE BREAK-IN ATTEMPT!".
Connecting from the command line, you might enter something like this:
ssh my.example.comand get some output like this:
Connecting to my.example.com…reverse mapping checking getaddrinfo for 192-168-1-243.foo.bar.net failed - POSSIBLE BREAK-IN ATTEMPT!
chris@my.example.com's password:What this is telling us is that although we are connecting to my.example.com the IP address of the server we are connecting to actually maps back to 192-168-1-243.foo.bar.net in this example. When this actually happened to me, it's because the reverse DNS had not been set up for the server (which would map e.g. 192.168.1.243 to my.example.com as well as vice versa)。
这是告诉我们,尽管我们在连接my.example.com ,但是实际上该server的IP 地址对应到192-168-1-243.foo.bar.net 。但这个发生的时候,就是因为server 上的reverse DNS 没有设置好。
举例说,应该是把192.168.1.243 映射到 my.example.com 。
Because I knew this reverse mapping was OK, I can add an entry to my hosts file and it will stop the error message from happening. For the above example, I would add the following to my hosts file:
192.168.1.243 my.example.com,Now when I log in using SSH from the command line I won't get that error message any more.
这里有一个解决方法,修改ssh配置文件,让这个消息不再显示。
from http://iceskysl.1sters.com/?p=478
Get POSSIBLE BREAK-IN ATTEMPT msg when i ssh to s server
when i ssh to a server,i get some message like this:
Address 192.168.5.12 maps to localhost, but this does not map back to the address – POSSIBLE BREAKIN ATTEMPT!
Solution:
Modify the "/etc/ssh/ssh_config" file at localhost
GSSAPIAuthentication no
exp:
ssh 192.168.1.110时报错上述错,本地是192.168.1.20 ,则修改本地192.168.1.20中的/etc/ssh/ssh_config,把参数GSSAPIAuthentication no修改就可以了……或者修改服务器端192.168.1.110上的/etc/ssh/sshd_config ,把参数GSSAPIAuthentication no改了也可以。要注意的是/etc/ssh/ssh_config和/etc/ssh/sshd_confg的区别。
延伸阅读:SH登陆响应慢的问题
同样的问题,有可能是两种情况:
第一种情况比较常见,也有很多资料提及到,就是在SSH登陆时服务器端会对客户端的IP进行反解析造成登陆响应慢的问题,通常改sshd_config的“UseDNS no”即可以。
第二种情况,服务器端启用了GSSAPI[1]。登陆的时候客户端需要对服务器端的IP地址进行反解析,如果服务器的IP地址没有配置PTR记录,那么就容易在这里卡住了。
对于这种情况,就有必要禁用GSSAPI认证以加速SSH登陆,具体有下面几种方式:
- 解法一:使用ssh命令时使用附加的参数:ssh -o GSSAPIAuthentication=no server_address
- 解法二:修改客户端ssh_config(/etc/ssh/ssh_config或~/.ssh/config):GSSAPIAuthentication no
- 解法三:修改服务器端的sshd_config(/etc/ssh/ssd_config):GSSAPIAuthentication no
参考:
- [1] - GSSAPI
- 禁用ssh的GSSAPI提升连接速度
scp 报错:reverse mapping checking getaddrinfo for......failed - POSSIBLE BREAK-IN ATTEMPT!相关推荐
- reverse mapping checking getaddrinfo for bogon failed – POSSIBLE BREAK-IN ATTEMPT! 错误
今天做ssh脚本查询远程服务器运行时间登录报了一个 reverse mapping checking getaddrinfo for bogon failed – POSSIBLE BREAK-IN ...
- 解决Ssh/Scp报错:Someone Could Be Eavesdropping On You Right Now (Man-In-The-Middle Attack)!
解决SSH/Scp报错:Someone Could Be Eavesdropping On You Right Now (Man-In-The-Middle Attack)! 主要现象:ssh/scp ...
- scp 报错 not a regular file
cnblogs中最新更新地址 scp 报错 not a regular file 两台 linux 服务器之间拷贝文件: 从 A 服务器(192.168.1.113) 拷贝到 B 服务器: 命令: ...
- Hadoop报错:All specified directories are failed to load.
Hadoop报错:All specified directories are failed to load. 先将所有的Hadoop进程停掉,然后清空将所有节点的Hadoop的安装目录下的data目录 ...
- linux 修改网卡报错xe,centos修改端口出现Failed to start OpenSSH server daemon 启动报错和-xe报错的解决方法...
修改SSH端口: # vi /etc/ssh/sshd_config 里面找port 22,在前面加上#,去掉注释,然后把22改成你想要的端口. #port 22 建议去掉注释之前,先增加你需要的端口 ...
- nginx 启动报错 “/var/run/nginx/nginx.pid“ failed” 解决方法
nginx 启动报错 "/var/run/nginx/nginx.pid" failed" 解决方法 参考文章: (1)nginx 启动报错 "/var/run ...
- 启动报错 Bean instantiation via factory method failed
启动报错 Bean instantiation via factory method failed 在引入 mybatis-plus 之后,启动项目总是报错 Bean instantiation vi ...
- Flask报错:sqlite3.IntegrityError: NOT NULL constraint failed: step. date
Flask报错:sqlite3.IntegrityError: NOT NULL constraint failed: step. date 报错如图 解决方法 报错如图 解决方法 开始: db=co ...
- 高德地图H5 定位失败报错 geolocation time out. Get ipLocation failed解决方案
高德地图H5 定位失败报错 geolocation time out. Get ipLocation failed的解决方法. 前言:此坑踩得我挺难受的,搞了三天 需求:进入页面,获取用户具体经纬度并 ...
最新文章
- 17、Windows API 图形用户界面(1)
- Hama笔记:Unable to load native-hadoop library 和 Snappy native library not loaded 的解决
- 第5章-Vue.js交互及生命周期练习
- 【数学建模】图论模型-dijkstra算法(最优化)
- KVO 和 KVC 的区别?
- java 接口强制转换_三分钟学习Java泛型中T、E、K、V、?的含义
- 【Flink】Flink连接prometheus报错 IOException :Response code formxxx/metrics/job/rule
- ansys icem cfd网格划分技术实例详解_详解航空燃油滑油3D打印热交换器设计流程...
- 车牌的归属地(省份和地级市) js
- 信息系统项目管理重点:供应链管理(SCM)
- 用VC++自制王码五笔输入法安装包(转)
- smartdrv.exe 文件说明
- [python库]psd文件操作库--psd_tools
- PMP第6版 每日工具
- python使用pandas处理excel数据
- 基于HTML美中华传统文化题材网页项目的设计与实现 (纯HTML+CSS制作中国茶文化网站)
- 鲲鹏devkit开发套件——编译调试工具介绍
- c 语言printf输出,位数不够补0
- DM单机包含集群搭建
- Java中isBlank()和isEmpty()的区别