[Bug 2326] New: INFO logging fails client with mis-configured DNS
bugzilla-daemon at mindrot.org
Sat Dec 6 07:30:09 EST 2014
https://bugzilla.mindrot.org/show_bug.cgi?id=2326
Bug ID: 2326
Summary: INFO logging fails client with mis-configured DNS
Product: Portable OpenSSH
Version: 5.3p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: security
Priority: P5
Component: sftp-server
Assignee: unassigned-bugs at mindrot.org
Reporter: paul at mackinney.net
I'm running an openssh server with internal-sftp and an sftponly group
whose members can only sftp into a chroot environment. I've specified
INFO level logging and added a rule to rsyslog so that I get file-level
event logging.
One client connected and I didn't get any logging for opendir,
closedir, open or close events. I did get a reverse mapping error:
2014-11-24 13:23:06 host1 sshd[7527]: reverse mapping checking
getaddrinfo for a-b-c-d-static.hfc.comcastbusiness.net [a.b.c.d] failed
- POSSIBLE BREAK-IN ATTEMPT!
2014-11-24 13:23:12 host1 sshd[7527]: Accepted publickey for bob
from a.b.c.d port 56663 ssh2
2014-11-24 13:23:12 host1 sshd[7527]: pam_unix(sshd:session):
session opened for user bob by (uid=0)
2014-11-24 13:23:12 host1 sshd[7536]: subsystem request for sftp
I was able to reproduce this behavior by setting up an instance of
bind9 with mismatched A and PTR entries.
Setting "UseDNS=no" in sshd_config seems to be the workaround.
I realize that UseDNS=no is or will be the default, and that there's a
standing feature request regarding sftp-server logging; I'm reporting
this in case someone thinks the behavior merits investigation.
Misconfigured client DNS is no reason to suppress event logging.
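The setup the report describes (an sftponly group confined to a chroot, internal-sftp logging at INFO, an rsyslog rule that files those records separately, and the UseDNS workaround) as an added configuration example. This is not the reporter's configuration or anything from the OpenSSH project; the chroot path /srv/sftp, the log file /var/log/sftp.log and the rsyslog directive forms are assumptions. The one caveat worth carrying alongside it is documented in sshd_config(5) under ChrootDirectory: the in-process SFTP server calls syslog() after sshd has chrooted it, so on many systems it can only log if a syslog socket exists at dev/log inside the chroot. That is why the rsyslog fragment below listens on a second socket inside the chroot rather than only on /dev/log.

```conf
# --- /etc/ssh/sshd_config (excerpt; added example, not from the bug report) ---

# Hand every SFTP session to the in-process server and log at INFO level
# (open/close and opendir/closedir records appear at INFO) to the AUTH facility.
Subsystem sftp internal-sftp -l INFO -f AUTH

# Workaround from the report: do not map client addresses back to names.
# Besides removing the dependence on the client's PTR record, this silences the
# "reverse mapping checking getaddrinfo ... failed" line seen in the report.
# Global directives must precede the Match block: a Match block extends to the
# next Match line or end of file, so anything placed after it is conditional.
UseDNS no

# The group name "sftponly" comes from the report; /srv/sftp is an assumption.
# ChrootDirectory requires the chroot path to be root-owned and not writable by
# group or other; give users a writable subdirectory beneath it instead.
Match Group sftponly
    ChrootDirectory /srv/sftp
    ForceCommand internal-sftp -l INFO -f AUTH
    AllowTcpForwarding no
    X11Forwarding no

# --- /etc/rsyslog.d/sftp.conf (added example; socket and file paths assumed) ---

# imuxsock is normally loaded by the main rsyslog.conf; the ModLoad line is
# harmless if it is already loaded. The extra listen socket sits inside the
# chroot so internal-sftp can reach it after sshd has chrooted the session;
# the directory /srv/sftp/dev must exist and be root-owned.
$ModLoad imuxsock
$AddUnixListenSocket /srv/sftp/dev/log

# The in-process server logs under the program name "internal-sftp"; route its
# records to their own file so the rsyslog rule is easy to check.
if $programname == 'internal-sftp' then /var/log/sftp.log
```

After changing both files, `sshd -t` validates the sshd_config syntax and a restart of rsyslog creates the socket; a quick check that the chroot socket exists (`ls -l /srv/sftp/dev/log`) separates "the client never generated SFTP events" from "the events were generated but had nowhere to go", which is the distinction the report's symptoms leave open.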