LTM SSH userauth_hostbased mismatch

Question

We have thousands of entries in our log with the same message:&nbsp;
ltm 08-21 08:36:03 info LB01 sshd[1770]: userauth_hostbased mismatch: client sends servername.domain.com, but we resolve 10.28.66.48 to 10.28.66.48  
&nbsp;
SSH to this server/IP IS working so I don't understand the error message. The device in question is our Nagios server which interacts with the F5 on a regular basis. The server name resolves correctly so what is mismatched? Who is "we" in the log message? At a very minimum I need a way to STOP the logging of this message.&nbsp;
Product  BIG-IP
  Version  11.5.4
  Build    2.0.291
  Edition  Hotfix HF2&nbsp;
Any assistance is appreciated. &nbsp;

chris_olson_172 · Answer

Here is a little more detail noting the logs prior to the mismatch error. This happens EVERY second.&nbsp;
tm 08-23 15:42:02 info LB01 sshd[16559]: Accepted publickey for nagios from 10.28.66.48 port 45437 ssh2&nbsp;
ltm 08-23 15:42:02 info LB01 sshd[16562]: Postponed publickey for nagios from 10.28.66.48 port 45437 ssh2&nbsp;
ltm 08-23 15:42:02 info LB01 sshd[16559]: userauth_hostbased mismatch: client sends servername.domain                            t.com, but we resolve 10.28.66.48 to 10.28.66.48&nbsp;

lee_sutcliffe · Answer

Check your DNS PTR records, sounds like a reverse DNS query issue for servername.domain.com&nbsp;

Forum Discussion

LTM SSH userauth_hostbased mismatch

2 Replies

Recent Discussions

Need help on i-rule to specific uri path

vulnerabilities-CVE-2020-16150 & CVE-2013-0169

Reverse Proxy Not Behaving

F5 terminal - help to run commands - disk space full

google autenticator broken barcode

Related Content

SSL protocol mismatch

Cipher suite mismatch advertisement/warning

Display a warning on client browser when cipher suite mismatch

LTM Policy

iControl REST Cookbook - LTM policy (ltm policy)