If you’ve been using SSH for long you’ve probably seen this at least once:
Address 126.96.36.199 maps to www.foobar.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Sometimes this is helpful. Sometimes this is really annoying and incorrect. Assuming you are a moderately well informed sysadmin and know that this message can safely be ignored, you might have been stumped trying to silence it. You may have tried every option in man ssh_options and even some of your own (STFU on?). I think I may be able to help.
First, let’s make sure we understand the situation. OpenSSH is trying to protect you from an exploit. If you are connecting via SSH to www.foobar.com for the first time, you may be vulnerable to a man-in-the-middle attack. If the forward and reverse DNS don’t match, that might be a sign that this sort of attack is being attempted.
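The forward/reverse comparison behind this warning can be reproduced for a host before deciding the message is safe to ignore. This is an added example, not OpenSSH's code or part of the original post; the function names and the sample records (documentation address ranges) are constructed for illustration.

```python
import ipaddress
import socket

def reverse_lookup(ip):
    """PTR lookup: the name the address maps to, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def forward_lookup(name):
    """A/AAAA lookup: the set of addresses the name resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def norm(addr):
    """Normalise an address string (drops any IPv6 zone id) for comparison."""
    return ipaddress.ip_address(addr.split("%")[0])

def check_fcrdns(ip, reverse=reverse_lookup, forward=forward_lookup):
    """Return (status, name); status is match, mismatch, no-ptr or no-forward."""
    name = reverse(ip)
    if not name:
        return ("no-ptr", None)
    name = name.rstrip(".").lower()
    addrs = {norm(a) for a in forward(name)}
    if not addrs:
        return ("no-forward", name)
    # "mismatch" is the case that produces the warning quoted above.
    return ("match" if norm(ip) in addrs else "mismatch", name)

# Constructed sample records, so the example runs offline.
SAMPLE_PTR = {"192.0.2.10": "www.example.com.", "192.0.2.20": "host.example.net",
              "192.0.2.30": "old.example.org"}
SAMPLE_A = {"www.example.com": {"198.51.100.7"}, "host.example.net": {"192.0.2.20"}}

def check_sample(ip):
    """Run the check against the constructed records instead of live DNS."""
    return check_fcrdns(ip, SAMPLE_PTR.get, lambda n: SAMPLE_A.get(n, set()))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, *check_sample(ip))
```

Calling `check_fcrdns(ip)` with the default resolvers performs the same check against live DNS.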
If you’re sure you know what you’re doing, though, and your OpenSSH client is warning you about a situation that you already know about, then try the SSH option:
(I figured this out by using the -vv option to the SSH command line client. It says Next authentication method: gssapi-with-mic right before the error.)
In my case the client and server are already acquainted via mutual public key exchange (client has known_hosts for the server, and server has authorized_keys for the client) so whether or not the DNS entries look hinky is immaterial. I’m in the process of migrating from one hosting environment to another so I can’t “fix” the DNS situation for another couple of weeks. Meanwhile I’m getting these warnings every hour in an email to root, which is annoying, as it currently forwards to me. And since I’m not using GSSAPI, turning it off is fine also.
Please do make sure you know that your situation is secure before disabling warnings like this. OK, now I’ve said it enough times: make the annoying warnings go away.