[Bug 2327] sshd to log one unique string or prefix after connection failure, no matter why.

bugzilla-daemon at bugzilla.mindrot.org
Tue Aug 2 00:14:14 AEST 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2327

Karl Schmidt <karl at xtronics.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |karl at xtronics.com

--- Comment #1 from Karl Schmidt <karl at xtronics.com> ---
This poorly titled bug has been around a long time.  The key is the IP
address is missing. 

This bug is alive at Cisco
https://quickview.cloudapps.cisco.com/quickview/bug/CSCuv42794

It is also listed as a bug in Debian 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726579


Having the IP address on the same line - with info log level is
obviously needed for identifying attackers.

From /var/log/auth.log

Jul 28 08:37:27 hostname sshd[12053]: fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server aes256-ctr,aes192-ctr,aes128-ctr [preauth]

Jul 28 08:58:38 hostname sshd[12512]: fatal: Unable to negotiate a key exchange method [preauth]

I think more examples of the missing IP address exist.

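An added example, not part of the bug report or of OpenSSH: one way to attribute the address-less `fatal:` lines quoted above is to join them to the connection line logged by the same sshd child PID. It assumes sshd runs with `LogLevel VERBOSE`, so each child logs a `Connection from <ip> port <n> ...` line; those lines and the addresses in the sample are constructed.

```python
import re
from collections import Counter

# Constructed sample in auth.log format. The two "fatal" messages are the ones
# quoted in the comment; the "Connection from" lines and the addresses
# (RFC 5737 documentation ranges) are made up for this example.
SAMPLE_LOG = """\
Jul 28 08:37:26 hostname sshd[12053]: Connection from 192.0.2.10 port 40022 on 198.51.100.5 port 22
Jul 28 08:37:27 hostname sshd[12053]: fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server aes256-ctr,aes192-ctr,aes128-ctr [preauth]
Jul 28 08:58:37 hostname sshd[12512]: Connection from 203.0.113.7 port 51514 on 198.51.100.5 port 22
Jul 28 08:58:38 hostname sshd[12512]: fatal: Unable to negotiate a key exchange method [preauth]
Jul 28 09:01:02 hostname sshd[12600]: fatal: Unable to negotiate a key exchange method [preauth]
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONN_RE = re.compile(r"^Connection from (?P<ip>\S+) port \d+")
FATAL_RE = re.compile(r"^fatal: (?P<reason>.*?)(?: \[preauth\])?$")


def attribute_failures(log_text):
    """Return (timestamp, pid, ip_or_None, reason) for each fatal sshd line."""
    ip_by_pid = {}  # sshd child PID -> peer address from its connection line
    failures = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        conn = CONN_RE.match(msg)
        if conn:
            ip_by_pid[pid] = conn["ip"]  # a reused PID overwrites the old peer
            continue
        fatal = FATAL_RE.match(msg)
        if fatal:
            # pop(): the child exits after fatal(), so the mapping is spent
            failures.append((m["ts"], pid, ip_by_pid.pop(pid, None), fatal["reason"]))
    return failures


def failures_per_ip(failures):
    """Count failures per source address; the None key means no address found."""
    return Counter(ip for _, _, ip, _ in failures)


if __name__ == "__main__":
    for ts, pid, ip, reason in attribute_failures(SAMPLE_LOG):
        print(f"{ts} pid={pid} ip={ip or 'UNKNOWN'} reason={reason}")
```

The last sample line has no preceding connection line for its PID, so it stays unattributed, which is the situation the comment describes at the default log level.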