Daniel Kahn Gillmor
2016-Mar-29 22:22 UTC
request: add IP address to a log message to allow blocking
On Tue 2016-03-29 18:10:00 -0400, Damien Miller wrote:> On Tue, 29 Mar 2016, IMAP List Administration wrote: >> If you haven't already, an you please add the IP address to this message, and >> any similar messages? I'm using version 6.7p1. > > I actually added that recently. It will be in openssh-7.3, due in a > couple of months.Will it be configurable? There are situations where people actively don't want to have any IP addresses logged for legal reasons, and ideally it would be easy to get diagnostics without risks of IP addresses being written to log storage. --dkg
Martin Schröder
2016-Mar-29 22:37 UTC
request: add IP address to a log message to allow blocking
2016-03-30 0:22 GMT+02:00 Daniel Kahn Gillmor <dkg at fifthhorseman.net>:> Will it be configurable? There are situations where people actively > don't want to have any IP addresses logged for legal reasons, and > ideally it would be easy to get diagnostics without risks of IP > addresses being written to log storage.Aye. Or scramble the lower octet of IPv4 addresses (don't know what's the equivalent for IPv6). Best Martin
Damien Miller
2016-Mar-30 09:10 UTC
request: add IP address to a log message to allow blocking
On Tue, 29 Mar 2016, Daniel Kahn Gillmor wrote:> On Tue 2016-03-29 18:10:00 -0400, Damien Miller wrote: > > On Tue, 29 Mar 2016, IMAP List Administration wrote: > >> If you haven't already, an you please add the IP address to this message, and > >> any similar messages? I'm using version 6.7p1. > > > > I actually added that recently. It will be in openssh-7.3, due in a > > couple of months. > > Will it be configurable? There are situations where people actively > don't want to have any IP addresses logged for legal reasons, and > ideally it would be easy to get diagnostics without risks of IP > addresses being written to log storage.No, it won't be configurable. We've always logged IP addresses in some circumstances, we're just being more consistent in doing so. Anyone who has had special requirements around log privacy should have implemented filtering years ago. -d
IMAP List Administration
2016-Apr-18 16:39 UTC
request: add IP address to a log message to allow blocking
On 03/30/2016 12:37 AM, Martin Schr?der wrote:> 2016-03-30 0:22 GMT+02:00 Daniel Kahn Gillmor <dkg at fifthhorseman.net>: >> Will it be configurable? There are situations where people actively >> don't want to have any IP addresses logged for legal reasons, and >> ideally it would be easy to get diagnostics without risks of IP >> addresses being written to log storage. > Aye. Or scramble the lower octet of IPv4 addresses (don't know what's > the equivalent for IPv6).oh good idea. For the < 1% of people that want to intentionally destroy their data let's impose mandatory data destruction on everyone.