bugzilla-daemon at mindrot.org
2014-Dec-13 22:45 UTC
[Bug 2327] New: sshd to log one unique string or prefix after connection failure, no matter why.
https://bugzilla.mindrot.org/show_bug.cgi?id=2327

            Bug ID: 2327
           Summary: sshd to log one unique string or prefix after connection failure, no matter why.
           Product: Portable OpenSSH
           Version: 6.7p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: octavsly at gmail.com

To allow fail2ban to correctly ban some sshd attacks, more information would need to be logged.

More is discussed at: https://github.com/fail2ban/fail2ban/issues/864

==Quote====
It makes more sense if, at last, sshd would log one unique string or prefix after a connection failure, no matter why. Something like:

Nov 25 01:33:13 srv sshd[...]: Failure from <HOST>: <here can be a reason why ...>

Or if sshd gets a system callback (like call_if_fails) with the address of the failed connection. Then we can self-produce a failure for fail2ban.
===================

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-01 14:14 UTC
[Bug 2327] sshd to log one unique string or prefix after connection failure, no matter why.
https://bugzilla.mindrot.org/show_bug.cgi?id=2327

Karl Schmidt <karl at xtronics.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |karl at xtronics.com

--- Comment #1 from Karl Schmidt <karl at xtronics.com> ---
This poorly titled bug has been around a long time. The key is that the IP address is missing.

This bug is alive at Cisco:
https://quickview.cloudapps.cisco.com/quickview/bug/CSCuv42794

It is also listed as a bug in Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726579

Having the IP address on the same line, with info log level, is obviously needed for identifying attackers.

From /var/log/auth.log:

Jul 28 08:37:27 hostname sshd[12053]: fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server aes256-ctr,aes192-ctr,aes128-ctr [preauth]
Jul 28 08:58:38 hostname sshd[12512]: fatal: Unable to negotiate a key exchange method [preauth]

I think more examples of the missing IP address exist.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-01 14:43 UTC
[Bug 2327] sshd to log one unique string or prefix after connection failure, no matter why.
https://bugzilla.mindrot.org/show_bug.cgi?id=2327

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au

--- Comment #2 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to Karl Schmidt from comment #1)
[...]
> Jul 28 08:58:38 hostname sshd[12512]: fatal: Unable to negotiate a
> key exchange method [preauth]

These ones have been fixed for a while:

$ ssh -p 2022 -o kexalgorithms=diffie-hellman-group1-sha1 localhost
ssh_dispatch_run_fatal: Connection to 127.0.0.1: no matching key exchange method found [preauth]
$ ssh -p 2022 -o ciphers=3des-cbc localhost
ssh_dispatch_run_fatal: Connection to 127.0.0.1: no matching cipher found [preauth]

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
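As an added illustration (not part of the thread, and not fail2ban's shipped sshd filter), the following Python script runs fail2ban-style failregex patterns over the log lines quoted in this bug. The sample lines are constructed: two copy the pre-fix wording from comment #1 (no client address), three copy the post-fix "Connection to <addr>:" wording from comment #2, and one uses the hypothetical "Failure from <HOST>:" prefix the reporter proposed. It shows the practical effect of the missing address: the pre-fix lines record a failure that cannot be attributed to any client, so nothing can be banned, while the post-fix lines yield a host that can be counted against a maxretry threshold. The regexes, the maxretry helper and the sample lines are all assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample of /var/log/auth.log lines (not captured live).
# Lines 1-2 copy the pre-fix wording quoted in comment #1 (no client address).
# Lines 3-5 copy the post-fix wording quoted in comment #2 (address present).
# Line 6 uses the "Failure from <HOST>" prefix proposed in the bug report,
# which is hypothetical: sshd does not emit it.
SAMPLE_LOG = """\
Jul 28 08:37:27 hostname sshd[12053]: fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server aes256-ctr,aes192-ctr,aes128-ctr [preauth]
Jul 28 08:58:38 hostname sshd[12512]: fatal: Unable to negotiate a key exchange method [preauth]
Jul 28 09:01:02 hostname sshd[12600]: ssh_dispatch_run_fatal: Connection to 127.0.0.1: no matching key exchange method found [preauth]
Jul 28 09:01:05 hostname sshd[12601]: ssh_dispatch_run_fatal: Connection to 192.0.2.10: no matching cipher found [preauth]
Jul 28 09:01:09 hostname sshd[12602]: ssh_dispatch_run_fatal: Connection to 192.0.2.10: no matching key exchange method found [preauth]
Jul 28 09:02:00 hostname sshd[12650]: Failure from 198.51.100.7: no matching MAC found [preauth]
"""

# Traditional syslog prefix: "<Mon DD HH:MM:SS> <hostname> sshd[<pid>]: <message>".
SYSLOG_PREFIX = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)

# Failure patterns in the style of a fail2ban failregex: each binds exactly
# one <host> group.  Illustrative patterns written for this example, not the
# ones shipped with fail2ban.
FAILREGEX = [
    # post-fix negotiation failure, client address embedded in the message
    re.compile(r"^ssh_dispatch_run_fatal: Connection to (?P<host>\S+): "
               r"(?P<reason>.*?)(?: \[preauth\])?$"),
    # the single-prefix form proposed in the bug report (hypothetical)
    re.compile(r"^Failure from (?P<host>\S+): (?P<reason>.*?)(?: \[preauth\])?$"),
]


def parse_failures(log_text):
    """Split sshd log lines into (bannable, unattributable).

    bannable: list of (host, reason) for lines from which a client address
    could be extracted.  unattributable: fatal messages that describe a
    failure but carry no address, so no ban decision can be made from them.
    """
    bannable, unattributable = [], []
    for line in log_text.splitlines():
        m = SYSLOG_PREFIX.match(line)
        if not m:
            continue  # not an sshd line at all
        msg = m.group("msg")
        for rx in FAILREGEX:
            fm = rx.match(msg)
            if fm:
                bannable.append((fm.group("host"), fm.group("reason")))
                break
        else:
            if msg.startswith("fatal:"):
                unattributable.append(msg)
    return bannable, unattributable


def hosts_to_ban(bannable, maxretry=2):
    """Hosts with at least `maxretry` attributable failures, mirroring
    fail2ban's maxretry threshold (the findtime window is omitted here)."""
    counts = Counter(host for host, _ in bannable)
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    ok, lost = parse_failures(SAMPLE_LOG)
    for host, reason in ok:
        print(f"attributable  {host:<15} {reason}")
    for msg in lost:
        print(f"no address    {msg}")
    print("ban:", hosts_to_ban(ok))
```

Running it shows the two pre-fix lines landing in the "no address" bucket and 192.0.2.10 crossing the threshold after its second attributable failure; that second bucket is exactly what this bug asked sshd to make possible.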
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-01 19:17 UTC
[Bug 2327] sshd to log one unique string or prefix after connection failure, no matter why.
https://bugzilla.mindrot.org/show_bug.cgi?id=2327

--- Comment #3 from Karl Schmidt <karl at xtronics.com> ---
I'm running 6.7p1. Which version fixed this? (No backport for Debian stable.)

If fixed, we should close these bugs.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-02 05:15 UTC
[Bug 2327] sshd to log one unique string or prefix after connection failure, no matter why.
https://bugzilla.mindrot.org/show_bug.cgi?id=2327

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #4 from Darren Tucker <dtucker at zip.com.au> ---
It varies depending on exactly which bit you are looking at.

Remote IP addresses: bug#2257, since at least 6.9:
https://anongit.mindrot.org/openssh.git/commit/?id=639d6bc5

Remote port numbers: bug#2503, first in 7.2:
https://anongit.mindrot.org/openssh.git/commit/?id=a4b9e0f4

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 05:03 UTC
[Bug 2327] sshd to log one unique string or prefix after connection failure, no matter why.
https://bugzilla.mindrot.org/show_bug.cgi?id=2327

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Closing resolved bugs as of the 8.6p1 release.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.