[Bug 2326] New: INFO logging fails client with mis-configured DNS

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Dec 6 07:30:09 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=2326

            Bug ID: 2326
           Summary: INFO logging fails client with mis-configured DNS
           Product: Portable OpenSSH
           Version: 5.3p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: security
          Priority: P5
         Component: sftp-server
          Assignee: unassigned-bugs at mindrot.org
          Reporter: paul at mackinney.net

I'm running an openssh server with internal-sftp and an sftponly group
whose members can only sftp into a chroot environment. I've specified
INFO-level logging and added a rule to rsyslog so that I get file-level
event logging.

One client connected and I didn't get any logging for opendir,
closedir, open or close events. I did get a reverse mapping error:

    2014-11-24 13:23:06 host1 sshd[7527]: reverse mapping checking getaddrinfo for a-b-c-d-static.hfc.comcastbusiness.net [a.b.c.d] failed - POSSIBLE BREAK-IN ATTEMPT!
    2014-11-24 13:23:12 host1 sshd[7527]: Accepted publickey for bob from a.b.c.d port 56663 ssh2
    2014-11-24 13:23:12 host1 sshd[7527]: pam_unix(sshd:session): session opened for user bob by (uid=0)
    2014-11-24 13:23:12 host1 sshd[7536]: subsystem request for sftp

I was able to reproduce this behavior by setting up an instance of
bind9 with mismatched A and PTR entries.

Setting "UseDNS=no" in sshd_config seems to be the workaround.

I realize that UseDNS=no is or will be the default, and that there's a
standing feature request regarding sftp-server logging; I'm reporting
this in case someone thinks the behavior merits investigation.
Misconfigured client DNS is no reason to suppress event logging.
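As an added example (not part of the bug report or of OpenSSH), the following checker runs over a window of syslog lines and flags a "silent" sftp session: the sftp subsystem was requested but no INFO-level file events (opendir, closedir, open, close, ...) followed, which is the symptom described above; it also records the reverse-mapping failure so the two can be correlated. The first sample is the report's own log lines (client address kept as the a.b.c.d placeholder); the second is a constructed healthy session, and the program names and message formats of the sftp events are assumed.

```python
import re
from collections import Counter

# Syslog-style line: "<date> <time> <host> <program>[<pid>]: <message>"
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) ([\w.-]+)\[(\d+)\]: (.*)$")
REVERSE_FAIL_RE = re.compile(
    r"reverse mapping checking getaddrinfo for (\S+) \[([^\]]+)\] failed")
# INFO-level sftp file events are assumed to begin with the operation name
SFTP_OP_RE = re.compile(r"^(opendir|closedir|open|close|mkdir|remove|rename)\b")

def audit_sftp_logging(lines):
    """Summarise one client window: did reverse DNS fail, was the sftp
    subsystem requested, and did any file events follow?  'silent_session'
    is True when sftp was requested but no file events were logged."""
    summary = {"reverse_fail": None, "sftp_requested": False,
               "file_events": Counter(), "silent_session": False}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in syslog form, ignore
        _, _, prog, _, msg = m.groups()
        rev = REVERSE_FAIL_RE.search(msg)
        if prog == "sshd" and rev:
            summary["reverse_fail"] = {"name": rev.group(1), "addr": rev.group(2)}
        elif prog == "sshd" and msg.startswith("subsystem request for sftp"):
            summary["sftp_requested"] = True
        elif prog in ("internal-sftp", "sftp-server"):  # assumed program names
            op = SFTP_OP_RE.match(msg)
            if op:
                summary["file_events"][op.group(1)] += 1
    summary["silent_session"] = bool(summary["sftp_requested"] and not summary["file_events"])
    return summary

# Sample 1: the lines quoted in the report (address placeholder a.b.c.d kept)
REPORTED = [
    "2014-11-24 13:23:06 host1 sshd[7527]: reverse mapping checking getaddrinfo for a-b-c-d-static.hfc.comcastbusiness.net [a.b.c.d] failed - POSSIBLE BREAK-IN ATTEMPT!",
    "2014-11-24 13:23:12 host1 sshd[7527]: Accepted publickey for bob from a.b.c.d port 56663 ssh2",
    "2014-11-24 13:23:12 host1 sshd[7527]: pam_unix(sshd:session): session opened for user bob by (uid=0)",
    "2014-11-24 13:23:12 host1 sshd[7536]: subsystem request for sftp",
]
# Sample 2: constructed lines for a session whose INFO events did arrive
HEALTHY = [
    "2014-11-24 14:00:01 host1 sshd[7600]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2",
    "2014-11-24 14:00:01 host1 sshd[7612]: subsystem request for sftp",
    "2014-11-24 14:00:01 host1 internal-sftp[7612]: session opened for local user alice from [192.0.2.10]",
    '2014-11-24 14:00:02 host1 internal-sftp[7612]: opendir "/"',
    '2014-11-24 14:00:02 host1 internal-sftp[7612]: closedir "/"',
    '2014-11-24 14:00:03 host1 internal-sftp[7612]: open "/report.txt" flags READ mode 0666',
    '2014-11-24 14:00:03 host1 internal-sftp[7612]: close "/report.txt" bytes read 512 written 0',
]

if __name__ == "__main__":
    for name, sample in (("reported", REPORTED), ("healthy", HEALTHY)):
        print(name, audit_sftp_logging(sample))
```

A silent session whose reverse-mapping failure was logged for the same client window is the pattern to alert on until UseDNS is set to no or the logging gap is fixed.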
