Jochen Bern
2023-Jun-05 08:15 UTC
[feature suggestion] sshd should log the listening port number while logging errors/warnings
On 05.06.23 08:59, Darren Tucker wrote:
> On Mon, 5 Jun 2023 at 16:29, Yuri <yuri at rawbw.com> wrote:
>> ssh_kex_exchange_identification: banner line contains invalid characters
> [...]
>> It would be easier to figure out where offending connections come from.
>
> The subsequent log line from sshpkt_fatal contains the source address
> and port of that connection:

I think that Yuri meant (one of his several) ssh*d*-side port(s).

There is SyslogFacility (plus the filtering capabilities of modern syslogd's), but since that would quite likely leak sensitive information out of the (better-protected) /var/log/secure on RHEL-like systems, I can't really recommend (ab)using it. However, I guess that allowing the sysadmin to change the progname/ident parameter of the syslogging (like you can with the "daemon XYZ" setting for multi-instance OpenVPN servers), rather than having it fixed to "sshd", would prove more versatile than specifically adding the Port to selected message( string)s ...

Kind regards,
--
Jochen Bern
Systemingenieur

Binect GmbH
Darren Tucker
2023-Jun-05 08:56 UTC
[feature suggestion] sshd should log the listening port number while logging errors/warnings
On Mon, 5 Jun 2023 at 18:37, Jochen Bern <Jochen.Bern at binect.de> wrote:
> On 05.06.23 08:59, Darren Tucker wrote:
[...]
> > The subsequent log line from sshpkt_fatal contains the source address
> > and port of that connection:
>
> I think that Yuri meant (one of his several) ssh*d*-side port(s).

Yes he asked about server side ports, but the stated reason was "It would be easier to figure out where offending connections come from" hence my answer.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.