bugzilla-daemon at mindrot.org
2014-Dec-05 20:30 UTC
[Bug 2326] New: INFO logging fails client with mis-configured DNS
https://bugzilla.mindrot.org/show_bug.cgi?id=2326

            Bug ID: 2326
           Summary: INFO logging fails client with mis-configured DNS
           Product: Portable OpenSSH
           Version: 5.3p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: security
          Priority: P5
         Component: sftp-server
          Assignee: unassigned-bugs at mindrot.org
          Reporter: paul at mackinney.net

I'm running an openssh server with internal-sftp and an sftponly group whose members can only sftp into a chroot environment. I've specified INFO level logging and added a rule to rsyslog so that I get file level event logging.

One client connected and I didn't get any logging for opendir, closedir, open or close events. I did get a reverse mapping error:

2014-11-24 13:23:06 host1 sshd[7527]: reverse mapping checking getaddrinfo for a-b-c-d-static.hfc.comcastbusiness.net [a.b.c.d] failed - POSSIBLE BREAK-IN ATTEMPT!
2014-11-24 13:23:12 host1 sshd[7527]: Accepted publickey for bob from a.b.c.d port 56663 ssh2
2014-11-24 13:23:12 host1 sshd[7527]: pam_unix(sshd:session): session opened for user bob by (uid=0)
2014-11-24 13:23:12 host1 sshd[7536]: subsystem request for sftp

I was able to reproduce this behavior by setting up an instance of bind9 with mismatched A and PTR entries.

Setting "UseDNS=no" in sshd_config seems to be the workaround.

I realize that UseDNS=no is or will be the default, and that there's a standing feature request regarding sftp-server logging; I'm reporting this in case someone thinks the behavior merits investigation. Misconfigured client DNS is no reason to suppress event logging.

--
You are receiving this mail because:
You are watching the assignee of the bug.
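Added example, not part of the original report or of OpenSSH: a small Python script that pairs each reverse-mapping warning with the login accepted by the same sshd PID and client address, so an administrator can list the sessions to check for file-level events. The sample lines are constructed in the layout of the excerpt above; the hostnames, addresses and the function name are assumptions.

```python
import re

# Layout taken from the excerpt in the report:
#   <date> <time> <host> sshd[<pid>]: <message>
LINE = re.compile(r"^(\S+ \S+) \S+ sshd\[(\d+)\]: (.*)$")
REVMAP = re.compile(r"^reverse mapping checking getaddrinfo for (\S+) \[([^\]]+)\] failed")
ACCEPT = re.compile(r"^Accepted (\S+) for (\S+) from (\S+) port \d+")

def sessions_with_failed_reverse_mapping(lines):
    """Return logins accepted by an sshd PID that first logged the warning."""
    pending = {}  # pid -> (timestamp, hostname from PTR, client IP)
    hits = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, pid, msg = m.groups()
        warn = REVMAP.match(msg)
        if warn:
            pending[pid] = (ts, warn.group(1), warn.group(2))
            continue
        ok = ACCEPT.match(msg)
        # Require the same PID and the same client address, so a reused PID
        # from an unrelated connection is not paired with a stale warning.
        if ok and pid in pending and pending[pid][2] == ok.group(3):
            warn_ts, ptr_name, ip = pending.pop(pid)
            hits.append({"user": ok.group(2), "ip": ip, "ptr_name": ptr_name,
                         "method": ok.group(1), "warned": warn_ts, "accepted": ts})
    return hits

# Constructed sample (documentation addresses, made-up names and PIDs).
SAMPLE = """\
2014-11-24 13:23:06 host1 sshd[7527]: reverse mapping checking getaddrinfo for client.example.net [192.0.2.10] failed - POSSIBLE BREAK-IN ATTEMPT!
2014-11-24 13:23:12 host1 sshd[7527]: Accepted publickey for bob from 192.0.2.10 port 56663 ssh2
2014-11-24 13:23:12 host1 sshd[7536]: subsystem request for sftp
2014-11-24 13:25:40 host1 sshd[7601]: Accepted publickey for alice from 198.51.100.7 port 40112 ssh2
2014-11-24 13:30:02 host1 sshd[7650]: reverse mapping checking getaddrinfo for other.example.net [203.0.113.5] failed - POSSIBLE BREAK-IN ATTEMPT!
""".splitlines()

if __name__ == "__main__":
    for s in sessions_with_failed_reverse_mapping(SAMPLE):
        print("{accepted} user={user} ip={ip} ptr={ptr_name}".format(**s))
```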
bugzilla-daemon at mindrot.org
2014-Dec-05 20:30 UTC
[Bug 2326] INFO logging fails for client with mis-configured DNS
https://bugzilla.mindrot.org/show_bug.cgi?id=2326

paul at mackinney.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|INFO logging fails client   |INFO logging fails for
                   |with mis-configured DNS     |client with mis-configured
                   |                            |DNS
bugzilla-daemon at mindrot.org
2015-Apr-17 13:35 UTC
[Bug 2326] INFO logging fails for client with mis-configured DNS
https://bugzilla.mindrot.org/show_bug.cgi?id=2326

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
I'm pretty sure that the DNS warnings are not the cause of the missing logs - we certainly don't suppress logs after that message.

Could you try reproducing this with a recent sshd? There have been quite a few improvements in how log messages are handled.
bugzilla-daemon at bugzilla.mindrot.org
2020-Jan-25 13:41 UTC
[Bug 2326] INFO logging fails for client with mis-configured DNS
https://bugzilla.mindrot.org/show_bug.cgi?id=2326

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WORKSFORME
             Status|NEW                         |RESOLVED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
~5yrs with no followup = no bug