D-bus integration

Gregory Seidman gsslist+ssh at anthropohedron.net
Fri Apr 12 12:20:30 AEST 2024


Given the most recent security scare with distribution-patched sshd having
a backdoor because it indirectly linked to xz, I'd expect sentiment to be
strongly against adding any integrations.

While there is some utility to what you are suggesting, maybe it makes more
sense to split apart the fail2ban log parsing from its jail functionality
and use it to parse logs onto D-bus. Let's keep sshd as simple and secure
as it can be.

--Gregory

On Thu, Apr 11, 2024 at 05:01:37PM +0200, Krzysztof Kowalski wrote:
> Dear OpenSSH developers,
> 
> 
> I was looking at the fail2ban project and had an idea that instead of
> parsing log files it could be possible to notify interested parties (like
> fail2ban) via (for instance) D-bus about a failed login attempt.
> 
> Other application could also use this protocol to notify about suspect
> behaviors. A central functionality will allow for other (new) projects to
> integrate without much effort.
> 
> What do you think?
> 
> 
> Best regards
> 
> Krzysztof Kowalski
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> 


More information about the openssh-unix-dev mailing list