Date: Mon, 03 Aug 2015 08:32:13 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 202055] [ssh] [patch] Extra IP number information for failed (anonymous) connects Message-ID: <bug-202055-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202055 Bug ID: 202055 Summary: [ssh] [patch] Extra IP number information for failed (anonymous) connects Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Some People Priority: --- Component: bin Assignee: freebsd-bugs@FreeBSD.org Reporter: wjw@digiware.nl Keywords: patch Created attachment 159484 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=159484&action=edit log ip-numbers for failed socket connect attempts Running ssh, logfiles are swamped with lines like: fatal: Read from socket failed: Connection reset by peer [preauth] Which is rather useless for tools like sshguard and/or fail2ban But this patch changes this info to: Aug 2 19:37:32 zfs sshd[19444]: Read from socket failed: 218.2.22.36 [preauth] Aug 2 19:37:32 zfs sshd[19444]:fatal: Read from socket failed: Connection reset by peer [preauth] I decided to keep the older log line as well, to keep consistent what was there already. I do not know if any logfile analysers care about this line. Thus giving other tools to opportunity to act on (now) known abuse ip-numbers. --WjW PS: not sure if the patch goes to FreeBSd, or perhaps upstream to openssh? -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-202055-8>