bugzilla-daemon at bugzilla.mindrot.org
2016-Sep-09 14:53 UTC
[Bug 2613] New: Log connections dropped when MaxStartups is reached
https://bugzilla.mindrot.org/show_bug.cgi?id=2613 Bug ID: 2613 Summary: Log connections dropped when MaxStartups is reached Product: Portable OpenSSH Version: 7.3p1 Hardware: Sparc OS: Solaris Status: NEW Severity: trivial Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com When MaxStartups of unauthenticated concurrent connections is hit, additional connections are dropped. Dropped connections should be logged. Server administrator should be able to find this information and might be interested in details. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Sep-09 14:54 UTC
[Bug 2613] Log connections dropped when MaxStartups is reached
https://bugzilla.mindrot.org/show_bug.cgi?id=2613 --- Comment #1 from Tomas Kuthan <tomas.kuthan at oracle.com> --- Created attachment 2873 --> https://bugzilla.mindrot.org/attachment.cgi?id=2873&action=edit Log dropped connections -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Oct-20 16:33 UTC
[Bug 2613] Log connections dropped when MaxStartups is reached
https://bugzilla.mindrot.org/show_bug.cgi?id=2613 --- Comment #2 from Darren Tucker <dtucker at zip.com.au> --- Comment on attachment 2873 --> https://bugzilla.mindrot.org/attachment.cgi?id=2873 Log dropped connections>+ logit("MaxStartups: dropping connection #%d", >+ startups);The connection identifier is included in this log message so syslog won't be able to dedupe it. Not sure if that's significant, though. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Oct-20 16:34 UTC
[Bug 2613] Log connections dropped when MaxStartups is reached
https://bugzilla.mindrot.org/show_bug.cgi?id=2613 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2594 CC| |dtucker at zip.com.au Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=2594 [Bug 2594] Tracking bug for OpenSSH 7.4 release -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Dec-09 01:34 UTC
[Bug 2613] Log connections dropped when MaxStartups is reached
https://bugzilla.mindrot.org/show_bug.cgi?id=2613 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2873|0 |1 is obsolete| | CC| |djm at mindrot.org Status|NEW |ASSIGNED Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org Attachment #2907| |ok?(dtucker at zip.com.au) Flags| | --- Comment #3 from Damien Miller <djm at mindrot.org> --- Created attachment 2907 --> https://bugzilla.mindrot.org/attachment.cgi?id=2907&action=edit log addresses too This logs the endpoint addresses too and downgrades the message to verbose() - IMO it could be pretty spammy during a DoS -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Dec-09 02:35 UTC
[Bug 2613] Log connections dropped when MaxStartups is reached
https://bugzilla.mindrot.org/show_bug.cgi?id=2613 --- Comment #4 from Darren Tucker <dtucker at zip.com.au> --- Comment on attachment 2907 --> https://bugzilla.mindrot.org/attachment.cgi?id=2907 log addresses too>+ verbose("drop connection #%d from [%s]:%d "won't that be wrong (or at least misleading) for IPv6 addresses? -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Dec-09 02:39 UTC
[Bug 2613] Log connections dropped when MaxStartups is reached
https://bugzilla.mindrot.org/show_bug.cgi?id=2613 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2907|ok?(dtucker at zip.com.au) |ok+ Flags| | --- Comment #5 from Darren Tucker <dtucker at zip.com.au> --- Comment on attachment 2907 --> https://bugzilla.mindrot.org/attachment.cgi?id=2907 log addresses too [127.0.0.1]:22 vs [::1]:22 nevermind, I withdraw that bogus objection. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Dec-09 03:04 UTC
[Bug 2613] Log connections dropped when MaxStartups is reached
https://bugzilla.mindrot.org/show_bug.cgi?id=2613 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|ASSIGNED |RESOLVED --- Comment #6 from Damien Miller <djm at mindrot.org> --- patch applied; this will be in OpenSSH 7.4 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 04:54 UTC
[Bug 2613] Log connections dropped when MaxStartups is reached
https://bugzilla.mindrot.org/show_bug.cgi?id=2613 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #7 from Damien Miller <djm at mindrot.org> --- closing resolved bugs as of 8.6p1 release -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
Apparently Analagous Threads
- [Bug 2615] New: LoginGraceTime bypass (DoS)
- [Bug 3055] New: Need some high-probability logging re MaxStartups
- [Bug 2101] New: Unaligned memory access on sparc in UMAC implemetation
- [Bug 2376] New: Add compile time option to disable Curve25519
- [Bug 2637] New: GSSAPIStrictAcceptorCheck should default to 'yes'