Hi,
I'm working on some project which is sort of log filter.
Last few days I noticed that there are some wacky people
scanning sshd port all the time from anywhere.
Although sshd reports it with syslog error message which is
very helpful, I'd like to know the source ip address with
following message:
canohost.c: around line #100
if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
logit("reverse mapping checking getaddrinfo for %.700s "
"from address %.100s failed - POSSIBLE BREAKIN ATTEMPT!",
ntop, name);
return xstrdup(ntop);
}
I added ip address to the message. Since the name woun't be
abled to be resolved correctly, reporting only host name won't
help so.
Please apply below patch if it is acceptable.
Thanks!
-- Junji
--- openssh-4.0p1/canohost.c 2005-03-01 19:16:19.000000000 +0900
+++ openssh-4.0p1.patched/canohost.c 2006-03-13 23:42:03.000000000 +0900
@@ -102,7 +102,8 @@
hints.ai_socktype = SOCK_STREAM;
if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
logit("reverse mapping checking getaddrinfo for %.700s
"
- "failed - POSSIBLE BREAKIN ATTEMPT!", name);
+ "from address %.100s failed - POSSIBLE BREAKIN
ATTEMPT!",
+ name, ntop);
return xstrdup(ntop);
}
/* Look for the address from the list of addresses. */