[openssh-commits] [openssh] 02/04: upstream: Log errors in kex_exchange_identification() with level

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Aug 28 13:34:42 AEST 2023 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit d2d247938b38b928f8a6e1a47a330c5584d3a358
Author: tobhe at openbsd.org <tobhe at openbsd.org>
Date:   Mon Aug 21 21:16:18 2023 +0000

    upstream: Log errors in kex_exchange_identification() with level
    
    verbose instead of error to reduce preauth log spam. All of those get logged
    with a more generic error message by sshpkt_fatal().
    
    feedback from sthen@
    ok djm@
    
    OpenBSD-Commit-ID: bd47dab4695b134a44c379f0e9a39eed33047809
---
 kex.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/kex.c b/kex.c
index fd04bb0b..502da12e 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.179 2023/08/18 01:37:41 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.180 2023/08/21 21:16:18 tobhe Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -1353,7 +1353,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 			len = atomicio(read, ssh_packet_get_connection_in(ssh),
 			    &c, 1);
 			if (len != 1 && errno == EPIPE) {
-				error_f("Connection closed by remote host");
+				verbose_f("Connection closed by remote host");
 				r = SSH_ERR_CONN_CLOSED;
 				goto out;
 			} else if (len != 1) {
@@ -1369,7 +1369,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 			if (c == '\n')
 				break;
 			if (c == '\0' || expect_nl) {
-				error_f("banner line contains invalid "
+				verbose_f("banner line contains invalid "
 				    "characters");
 				goto invalid;
 			}
@@ -1379,7 +1379,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 				goto out;
 			}
 			if (sshbuf_len(peer_version) > SSH_MAX_BANNER_LEN) {
-				error_f("banner line too long");
+				verbose_f("banner line too long");
 				goto invalid;
 			}
 		}
@@ -1395,7 +1395,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 		}
 		/* Do not accept lines before the SSH ident from a client */
 		if (ssh->kex->server) {
-			error_f("client sent invalid protocol identifier "
+			verbose_f("client sent invalid protocol identifier "
 			    "\"%.256s\"", cp);
 			free(cp);
 			goto invalid;

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list