[Bug 2199] "Too many authentication failures for root" does not log IP

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Mar 6 22:00:48 EST 2014


Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
                 CC|                            |dtucker at zip.com.au

--- Comment #1 from Darren Tucker <dtucker at zip.com.au> ---
I think what you want is in 6.5:

auth.c in 6.5 has:

revision 1.160
date: 2013-06-02 07:41:51 +1000;  author: dtucker;  state: Exp;  lines:
+26 -4;
   - djm at cvs.openbsd.org 2013/05/19 02:42:42
     [auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
     Standardise logging of supplemental information during userauth.
     and ruser is now logged in the auth success/failure message
     the local username, remote host/port and protocol in use.
     contents and CA are logged too.
     Pushing all logging onto a single line simplifies log analysis as
it is
     no longer necessary to relate information scattered across
multiple log
     entries. "I like it" markus@

I don't think the exact line you're quoting has an IP address (it's a
copy of the disconnection message sent to the client) but all of the
details you want should be available in other messages.

You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list