New Log Messages?
Bob Proulx
bob at proulx.com
Sat Jan 4 04:55:19 EST 2014
Damien Miller wrote:
> Bob Proulx wrote:
> > In recent months I started noticing a new type of log message.
> > ...
> > Just trying to understand what changed recently. Did the examples
> > change to include disconnect messages when they previously did
> > not?
>
> Not that I am aware - did you perhaps upgrade from some old version that
> was not logging the preauth messages?
I am always hesitant to mention version numbers upstream because I am
using a software distribution and as you know software distributions
support a single release for the lifetime of the distro's stable
release. I am running Debian Stable on my internet facing machines.
For Debian it is about two years. For me this is perfect.
In private mail I had someone point me to this serverfault question.
Apparently I was not the only one who noticed this change and was
asking questions about it. (shrug)
http://serverfault.com/questions/559200/what-does-normal-shutdown-thank-you-for-playing-preauth-in-ssh-logs-mean
And the answer proposed seems reasonable. That the disconnect message
wasn't logged by sshd previously and now it is being logged. In your
upstream sources this could have been a change any time in the last
two years. I only made the upgrade on my machines last summer from a
5.x release to a 6.x release. I have been noticing these for some
months but just finally decided to ask about it.
> > I do find it annoying that anyone on the net can log any message they
> > want to the syslog by sending it in the disconnect message. It makes
> > it more difficult to sift useful alert information from the syslog.
>
> It's useful information in some cases.
It has certainly seen use for some fun and games from the script
kiddies trying to shake the doors and lift the windows. :-) Although
thinking about it maybe I could write a rule for any unusual logged
message to feed into the fail2ban rules? Maybe.
In any case, thank you for maintaining ssh!
Bob
More information about the openssh-unix-dev
mailing list