From: Charles Swiger
Date: Thu, 9 Jun 2005 14:42:44 -0400
To: "Eugene M. Minkovskii"
Cc: freebsd-questions@freebsd.org
Subject: Re: (fwd) sshd events

On Jun 9, 2005, at 9:12 AM, Eugene M. Minkovskii wrote:
> I put some users into AllowGroups, in logs I can read something
> like this: "User xxx not allowed because none of user's groups
> are listed in AllowGroups", and I can't see from what IP I got
> this request.)

OK. Consider something like (watch linewrapping):

--- openssh/auth.c_orig Thu Jun 9 14:25:48 2005 +++ openssh/auth.c Thu Jun 9 14:27:36 2005 @@ -198,8 +198,8 @@ if (!ga_match(options.allow_groups, options.num_allow_groups)) { ga_free(); - logit("User %.100s not allowed because none of user's groups are listed in AllowGroups", - pw->pw_name); + logit("User %.100s from IP %.100s not allowed because none of user's groups are listed in AllowGroups", + pw->pw_name, get_remote_ipaddr()); return 0; } ga_free();

> Moreover, I think parsing auth.log is not a beautiful idea. Can
> sshd do some actions after it allows or denies a connection? Can it
> run some script with some arguments?

While you could do something like have sshd execl() some script upon a denied connection, it's not likely to be a great idea: the potential for DoS'ing sshd by creating lots of bad connections would be pretty easy.

Anyway, you've got the source, it's in /usr/src/crypto/openssh. :-)

-- 
-Chuck
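Review bot: the new format string places "from IP %.100s" in the middle of the existing message, so anything that already matches the old text "User ... not allowed because none of user's groups are listed in AllowGroups" in auth.log will stop matching; appending the address at the end of the message would keep the existing prefix stable. The hunk touches only the AllowGroups branch, so if the other denial paths in auth.c log in the same style they will still lack the address and would need the same pw->pw_name, get_remote_ipaddr() argument pair. The %.100s bound on the new argument is consistent with the one already used for pw->pw_name. Both changed logit() lines run well past 80 columns, so the patch is better sent as an attachment than inline where a mail client can wrap it.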
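A log-side alternative to having sshd run a script on each denial, as an added example (not part of the original message and not OpenSSH code): it parses the message format the patch above produces and emits at most one alert per source address per window, so a flood of denied connections cannot trigger unbounded work. The sample log lines, the host name `gw`, the 60-second window and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

REASON = "not allowed because none of user's groups are listed in AllowGroups"
# Message format produced by the patched logit() call in the message above.
DENIED = re.compile(
    r"sshd\[\d+\]: User (?P<user>\S+) from IP (?P<ip>\S+) " + re.escape(REASON))

def parse_denial(line):
    """Return (user, ip) for a patched AllowGroups denial line, else None."""
    m = DENIED.search(line)
    if not m:
        return None
    try:
        ipaddress.ip_address(m.group("ip"))  # act only on literal addresses
    except ValueError:
        return None
    return m.group("user"), m.group("ip")

def throttled_alerts(lines, window=60, year=2005):
    """Return (alerts, suppressed): one alert per source IP per `window` seconds."""
    # syslog timestamps carry no year, so the caller supplies it (assumption).
    last_alert, suppressed, alerts = {}, defaultdict(int), []
    for line in lines:
        hit = parse_denial(line)
        if hit is None:
            continue
        user, ip = hit
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        if ip in last_alert and (ts - last_alert[ip]).total_seconds() < window:
            suppressed[ip] += 1  # a repeat costs a counter bump, not a script run
            continue
        last_alert[ip] = ts
        alerts.append((ts, ip, user))
    return alerts, dict(suppressed)

# Constructed sample lines (documentation address ranges, made-up host and PIDs).
SAMPLE = [
    f"Jun  9 14:30:01 gw sshd[4101]: User alice from IP 192.0.2.10 {REASON}",
    f"Jun  9 14:30:02 gw sshd[4102]: User alice from IP 192.0.2.10 {REASON}",
    f"Jun  9 14:30:05 gw sshd[4103]: User bob from IP 198.51.100.7 {REASON}",
    "Jun  9 14:30:09 gw sshd[4104]: Accepted publickey for carol from 192.0.2.44 port 50122 ssh2",
    f"Jun  9 14:31:30 gw sshd[4105]: User alice from IP 192.0.2.10 {REASON}",
]

if __name__ == "__main__":
    print(throttled_alerts(SAMPLE))
```

Lines in the unpatched format (no "from IP" field) are ignored rather than guessed at, so the script is only useful once the patched sshd is writing the log.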