'POSSIBLE BREAK IN ATTEMPT' in /var/log/auth.log when you use private key in putty?

Question

When when I ssh into my server from windows using putty without using public key authentication I get no indication of a "BREAK IN ATTEMPT" in /var/log/auth.log

However when I use DSA keys and set the appropriate path for the private key in putty:

Connection->SSH->Auth

Private key file for authenticationBrowse...

I am able to ssh into my server with public key authentication, however the /var/log/auth.log adds the following line to the log file

Address 192.168.1.1 maps to dd-wrt, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

Should this message be expected when I use public key authentication and my private key is on my windows comp/I use putty to ssh?

NOTE: My server and windows computer are both on the same LAN

Are you sure that message is from a login attempt on the same LAN? That message would indicate that the attempt is coming from the dd-wrt router. — Shane Madden, Dec 29 '11 at 21:10

score 0 · Accepted Answer · answered Dec 29 '11 at 21:09

This is not an error or a hack. The message you are seeing is because of the reverse lookup performed which will return a host name. It works like this, assuming that you are ssh'ing to host1 with ip 123.123.123.123 from host2:
lookup(host1) returns 123.123.123.123
but rev_lookup(123.123.123.123) might not return host1 but dd-wrt which is/was another host on the network. Check your DHCP server, it might help

'POSSIBLE BREAK IN ATTEMPT' in /var/log/auth.log when you use private key in putty?

1 Answers1