[Bug 2327] New: sshd to log one unique string or prefix after connection failure, no matter why.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Dec 14 09:45:49 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=2327

            Bug ID: 2327
           Summary: sshd to log one unique string or prefix after
                    connection failure, no matter why.
           Product: Portable OpenSSH
           Version: 6.7p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: octavsly at gmail.com

To allow fail2ban to correctly ban some sshd attacks, more information
would need to be logged:

More is discussed at: https://github.com/fail2ban/fail2ban/issues/864


==Quote=====
It makes more sense if at last sshd would log one unique string or
prefix after connection failure, no matter why.
Something like:

Nov 25 01:33:13 srv sshd[...]: Failure from <HOST>: <here can be a reason why ...>

Or if sshd gets a system callback (like call_if_fails) with the address
of the failed connection. Then we can produce a failure for fail2ban
ourselves.
====================

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
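
An added example, not part of the original report and not fail2ban or OpenSSH code: how a log watcher could consume the proposed "Failure from <HOST>: <reason>" line with a single anchored pattern and a sliding-window threshold. The log lines, reason strings, and the names parse_failure, hosts_to_ban, max_retry and find_time are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Proposed shape from the report: "<ts> <srv> sshd[PID]: Failure from <HOST>: <reason>".
# Anchored at line start and limited to address characters, so text inside the
# free-form reason (e.g. a client-chosen user name) cannot spoof the host field.
FAILURE_RE = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failure from (?P<host>[0-9A-Fa-f:.]+): (?P<reason>.*)$"
)

# Constructed sample log (sshd does not emit "Failure from" lines; reasons are illustrative).
SAMPLE_LOG = """\
Nov 25 01:33:13 srv sshd[4101]: Failure from 203.0.113.7: invalid user admin
Nov 25 01:33:15 srv sshd[4102]: Failure from 203.0.113.7: no matching key exchange method
Nov 25 01:33:16 srv sshd[4103]: Accepted publickey for alice from 198.51.100.4 port 50514 ssh2
Nov 25 01:33:20 srv sshd[4104]: Failure from 2001:db8::9: connection closed before authentication
Nov 25 01:33:21 srv sshd[4105]: Failure from 203.0.113.7: too many authentication failures
Nov 25 01:50:00 srv sshd[4110]: Failure from 2001:db8::9: invalid user test
"""

def parse_failure(line, year=2014):
    """Return (timestamp, host, reason) for a proposed-format failure line, else None."""
    m = FAILURE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year, so the caller supplies one.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["host"], m["reason"]

def hosts_to_ban(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Hosts with at least max_retry failures inside a sliding find_time window."""
    recent = defaultdict(deque)   # host -> timestamps still inside the window
    banned = []
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue
        ts, host, _reason = parsed
        window = recent[host]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # drop failures older than the window
        if len(window) >= max_retry and host not in banned:
            banned.append(host)
    return banned

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG.splitlines()))
```
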
