Log message

Damien Miller djm at mindrot.org
Tue Mar 14 11:18:26 EST 2006

On Mon, 13 Mar 2006, Linux wrote:

> Hi,
> I'm working on some project which is sort of log filter.
> Last few days I noticed that there are some wacky people
> scanning sshd port all the time from anywhere.
> Although sshd reports it with syslog error message which is
> very helpful, I'd like to know the source ip address with
> following message:
> canohost.c: around line #100
>     if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
>         logit("reverse mapping checking getaddrinfo for %.700s "
>             "from address %.100s failed - POSSIBLE BREAKIN ATTEMPT!",
>             ntop, name);
>         return xstrdup(ntop);
>     }

Good point, fixed. The other message of this type already logged the 

The new message will look like:

        logit("reverse mapping checking getaddrinfo for %.700s "
            "[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop);


More information about the openssh-unix-dev mailing list