[feature suggestion] sshd should log the listening port number while logging errors/warnings
Jochen Bern
Jochen.Bern at binect.de
Mon Jun 5 18:15:39 AEST 2023

On 05.06.23 08:59, Darren Tucker wrote:
> On Mon, 5 Jun 2023 at 16:29, Yuri <yuri at rawbw.com> wrote:
>> ssh_kex_exchange_identification: banner line contains invalid characters
> [...]
>> It would be easier to figure out where offending connections come from.
>
> The subsequent log line from sshpkt_fatal contains the source address
> and port of that connection:

I think that Yuri meant (one of his several) ssh*d*-side port(s).

There is SyslogFacility (plus the filtering capabilities of modern
syslogd's), but since that would quite likely leak sensitive information
out of the (better-protected) /var/log/secure on RHEL-like systems, I
can't really recommend (ab)using it.

However, I guess that allowing the sysadmin to change the progname/ident
parameter of the syslogging (like you can with the "daemon XYZ" setting
for multi-instance OpenVPN servers), rather than having it fixed to
"sshd", would prove more versatile than specifically adding the Port to
selected message( string)s ...

Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH