I use PuTTY, and I use a key generated with PuTTYgen. My server is a VPS running Ubuntu 14.04 (perhaps this belongs on askubuntu, but I think it may not be Ubuntu specific). The public portion of the key is in ~/.ssh/authorized_keys on my server account. The private key is on my PC and not pass-phrase protected.
I attempted to connect to my server after a few days, and received "server refused our key". I immediately tried again with success.
The following is in /var/log/auth.log (The POSSIBLE BREAK-IN ATTEMPT message is normal, I know that's not a flag):
Apr 20 21:10:08 blue sshd[6332]: reverse mapping checking getaddrinfo for my_host [my_ip] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 20 21:10:17 blue sshd[6332]: Connection closed by my_ip [preauth]
Apr 20 21:10:28 blue sshd[6334]: reverse mapping checking getaddrinfo for my_host [my_ip] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 20 21:10:28 blue sshd[6334]: Accepted publickey for steve from my_ip port 55185 ssh2: RSA key_signature_I_think
Apr 20 21:10:28 blue sshd[6334]: pam_unix(sshd:session): session opened for user steve by (uid=0)
Apr 20 21:10:28 blue sshd[6334]: pam_systemd(sshd:session): Failed to create session: No such file or directory
Could this be a man in the middle? A bug in PuTTY? Is this common? I would not expect it to fail since TCP is pretty solid.
What would cause this behavior?
Note: My VPS setup: After the server was initialized new on the VPS, I set up key-based encryption, battened down sudo a little, moved sshd to a different port. I set up my .bashrc to start tmux. Nothing special. The server has been running for a few weeks doing not much of anything. Before I moved sshd, I got quite a few connections (none supposedly successful), but after that, nothing but my own logins. And then the event in the question happened.
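Added example, not part of the original question: a small Python triage script that groups the sshd lines quoted above by process ID and classifies each connection, so the refused attempt and the successful login can be compared and any accepted login from an unexpected address stands out. The function names, the allowed-peer set, and the assumption that one sshd PID corresponds to one connection attempt (as in the quoted log) are mine; the sample is the question's log with its placeholders kept.

```python
import re

# Constructed sample: the auth.log lines from the question, placeholders as posted.
SAMPLE = """\
Apr 20 21:10:08 blue sshd[6332]: reverse mapping checking getaddrinfo for my_host [my_ip] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 20 21:10:17 blue sshd[6332]: Connection closed by my_ip [preauth]
Apr 20 21:10:28 blue sshd[6334]: reverse mapping checking getaddrinfo for my_host [my_ip] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 20 21:10:28 blue sshd[6334]: Accepted publickey for steve from my_ip port 55185 ssh2: RSA key_signature_I_think
Apr 20 21:10:28 blue sshd[6334]: pam_unix(sshd:session): session opened for user steve by (uid=0)
Apr 20 21:10:28 blue sshd[6334]: pam_systemd(sshd:session): Failed to create session: No such file or directory
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[(\d+)\]: (.*)$")
ACCEPTED = re.compile(r"^Accepted (\S+) for (\S+) from (\S+) port \d+")
CLOSED = re.compile(r"^Connection closed by (\S+) \[preauth\]")


def summarize(log_text):
    """Group sshd lines by PID (assumed: one PID per connection) and classify."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an sshd line
        when, pid, msg = m.groups()
        c = conns.setdefault(pid, {"pid": int(pid), "start": when, "outcome": "unknown",
                                   "user": None, "peer": None, "method": None})
        a = ACCEPTED.match(msg)
        closed = CLOSED.match(msg)
        if a:
            c.update(outcome="accepted", method=a.group(1),
                     user=a.group(2), peer=a.group(3))
        elif closed and c["outcome"] != "accepted":
            # The connection ended during the pre-authentication phase.
            c.update(outcome="closed-preauth", peer=closed.group(1))
    return list(conns.values())


def unexpected_logins(conns, allowed_peers):
    """Accepted sessions whose source address is not in the caller's allow list."""
    return [c for c in conns
            if c["outcome"] == "accepted" and c["peer"] not in allowed_peers]


if __name__ == "__main__":
    for conn in summarize(SAMPLE):
        print(conn)
    print("unexpected:", unexpected_logins(summarize(SAMPLE), {"my_ip"}))
```

Run against the full /var/log/auth.log with the real client addresses in the allow list; over long logs PIDs can repeat, so compare timestamps as well.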