[Bug 2717] MonitoringHosts option - suppress Connection reset entries from known hosts

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue May 16 20:12:31 AEST 2017


--- Comment #2 from john+mindrot at paladyn.org ---
(In reply to Damien Miller from comment #1)
> This looks like a bug in nagios:
> https://sourceforge.net/p/nagiosplug/bugs/196/

That bug refers to where the connection is not properly closed by
check_ssh. My point is that if there is a connection to my system,
checking, for example to see if sshd is running, and possibly what
version it is running, then if the connection came from a system
outside my control then this is a probe by an attacker, and should be
logged. If it comes from my monitoring system, which could be checking
frequently to make sure that sshd is still running, then logging those
checks just adds noise to the log file.

Systems which process those logs, such as fail2ban, denyhosts, snort
etc can all post process the monitoring host (or hosts) entries out,
but it would make real probes more obvious in the logs if the
monitoring connections were suppressed.

You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list