potentially confusing log message?
Damien Miller
djm at mindrot.org
Sat Aug 17 18:08:43 AEST 2024
yes, that is accidentally backwards. I'll fix
On Fri, 16 Aug 2024, Peter Johnson wrote:
> Hi there --
>
> I'm running openssh-9.8p1 on Arch Linux and recently I've been seeing quite a
> few log messages of this form (identifying information changed to protect the
> innocent):
>
> sshd[1234]: Timeout before authentication for connection from 12.34.56.78 to 87.65.43.21, pid = 123456
>
> The confusing thing is that 12.34.56.78 is the IP address of the machine
> running sshd, and thus the phrasing of the message suggests that sshd itself
> is trying to initiate a connection to 87.65.43.21, which is kind of terrifying
> to me given how the machine is used.
>
> I poked around the code and I think the message consed up in child_register
> (sshd.c:265) has laddr and raddr transposed:
>
> xasprintf(&child->id, "connection from %s to %s", laddr, raddr);
>
> should be:
>
> xasprintf(&child->id, "connection from %s to %s", raddr, laddr);
>
> The phrasing "from X to Y" suggests that X is the client and Y is the server;
> since this is sshd, by definition, the client is remote (raddr) and the server
> is local (laddr). Note also that the call to xasprintf four lines earlier
> uses raddr as the "from".
>
> pete
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
More information about the openssh-unix-dev
mailing list