[Bug 3055] New: Need some high-probability logging re MaxStartups

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sun Aug 11 20:50:39 AEST 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=3055

            Bug ID: 3055
           Summary: Need some high-probability logging re MaxStartups
           Product: Portable OpenSSH
           Version: 8.0p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: oxwghc at fyvzl.net

Hi.

Currently, when MaxStartups is reached, sshd logs a single message per
dropped connection, at severity "verbose" (which doesn't appear
anywhere by default).

It seems to me that things that stop ssh working should be logged a bit
higher than verbose.  These connection drops can be quite mysterious
nuisance otherwise.

Of course there's the problem that one message per such connection
would be a DoS opportuity in itself.

For a troubleshooter to be able to tell what's going on, it would be
good for there to be at least *some* high-priority message relatively
near in time to each drop.  Also, a transition from "we are dropping
connections sometimes" to "things are fine" should be somehow
determinable by looking at the logs.

I propose the following broad approach:

 * The first time a connection is dropped because of MaxStartups, log a
message with severity ERROR.
 * Periodically (every minute maybe?) report on number or proportion of
dropped connections, again at severity ERROR.
 * If connections stop being dropped, make this clear in the log (with
a message which implies that the next drop will be reported
immediately), maybe ERROR or INFO.

In a bit more detail:

 * Maintain a counter of dropped connections, initially 0
 * Maintain a timer, initially inactive
 * When a connection is dropped:
    - If the timer is not running, report
           MaxStartups: first drop of a connection
      and set the timer.  (The counter remains at 0.)
    - If the timer is running, increment the counter (only)
 * When the timer fires:
    - If the counter is nonzero, report
           MaxStartups: %d drops since last report
      and reset the timer.
    - If the counter is zero, report
           MaxStartups: no longer dropping connections
      and do not reset the timer.

If a proper timer is awkward to implement in the sshd main loop, it
would be good enough to remember when we last printed a message, and
check that elapsed time after making the MaxStartups decision for each
new connection.

A more sophisticated approach might distinguish random from always
dropping, or sometimes report client or server addresses, or something.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list