openssh bugs - Oct 2013 - [Bug 2162] New: Log needs to contain the port on which connection is made

https://bugzilla.mindrot.org/show_bug.cgi?id=2162

            Bug ID: 2162
           Summary: Log needs to contain the port on which connection is
                    made
           Product: Portable OpenSSH
           Version: 6.2p1
          Hardware: All
                OS: FreeBSD
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: yuri at rawbw.com

I have sshd listening on multiple ports.
Currently I see the log message:
Oct 17 11:59:32 myhost sshd[13784]: Bad protocol version identification
'\200F\001\003\001' from NNN.NNN.NNN.NNN

Somebody connected to it and protocol was invalid. The message will
become much more informative if it contained the port on which the
connection wad made.

This should be fixed for all messages that sshd prints on
per-connection basis.

OpenSSH 6.2p2 from FreeBSD tree.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2162

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
           Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 2355
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2355&action=edit
include port in invalid banner message

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2162

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
             Blocks|                            |2130

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Patch has been committed; this will be in OpenSSH-6.4 due in 2-3 months
time.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2162

--- Comment #3 from Darren Tucker <dtucker at zip.com.au> ---
Comment on attachment 2355
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2355
include port in invalid banner message
>+		logit("Bad protocol version identification '%.100s' "
>+		    "from %s port %d", client_version_string,
>+		    get_remote_ipaddr(), get_remote_port());
that's the remote port, the request was for the local (ie listening)
port.  Certainly I think it's worth having the remote port (eg for NAT
pools).

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2162

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2162

--- Comment #4 from Zzu <yuri at rawbw.com> ---
Also, there are other messages of the same kind (issued per-connection)
that should be fixed as well. Ex. "Did not receive identification
string from %s"

I suggest you create the variant of logit for this. I realize with the
current code just using "va_list args" this isn't trivial to do
without
the code duplication.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2162

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
I don't mind adding full host/port information to a few important
messages (authentication events, etc.), but I don't think that every
message needs to include the same redundant information. We have a
"Connection from ..." message that should include it all.

How about:
> - verbose("Connection from %.500s port %d", remote_ip,
remote_port);
> + verbose("Connection from %s port %d on %s port %d",
> +     remote_ip, remote_port,
> +     get_local_ipaddr(sock_in), get_local_port());
?

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2162

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #6 from Damien Miller <djm at mindrot.org> ---
I added the local host address and port to the "Connection from ..."
message that is shown at loglevel>=verbose.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2162

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #7 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.