[Bug 2327] sshd to log one unique string or prefix after connection failure, no matter why.
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue Aug 2 00:14:14 AEST 2016
https://bugzilla.mindrot.org/show_bug.cgi?id=2327
Karl Schmidt <karl at xtronics.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |karl at xtronics.com
--- Comment #1 from Karl Schmidt <karl at xtronics.com> ---
This poorly titled bug has been around a long time. The key is the IP
address is missing.
This bug is alive at Cisco
https://quickview.cloudapps.cisco.com/quickview/bug/CSCuv42794
It is also listed as a bug in Debian
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726579
Having the IP address on the same line - with info log level is
obviously needed for identifying attackers..
>From /var/log/auth.log
Jul 28 08:37:27 hostname sshd[12053]: fatal: no matching cipher found:
client
aes128-cbc,blowfish-cbc,3des-cbc server
aes256-ctr,aes192-ctr,aes128-ctr [preauth]
Jul 28 08:58:38 hostname sshd[12512]: fatal: Unable to negotiate a key
exchange method [preauth]
I think more examples of the missing IP address exist.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list