search for: get_remote_ipaddr

Hi, ssh clients shows "closed by UNKNOWN" message when a socket is closed by a remote side while ssh is waiting for user's password: $ ssh user at localhost user at localhost's password: Connection closed by UNKNOWN When the packet_read_seqnr() calls get_remote_ipaddr(), a connection's socket is already closed and there's not been any other call of this function yet so canonical_host_ip from canohost.c is still NULL and the function returns "UNKNOWN". I think that it could be workarounded by calling get_remote_ipaddr() right after packet_set_co...

...nk that we should drop this: authlog("%s %s for %s%.100s from %.200s port %d%s", authmsg, method, authctxt->valid ? "" : "illegal user ", authctxt->valid && authctxt->pw->pw_uid == 0 ? "ROOT" : authctxt->user, get_remote_ipaddr(), get_remote_port(), info); and not print ROOT in caps: authlog("%s %s for %s%.100s from %.200s port %d%s", authmsg, method, authctxt->valid ? "" : "illegal user ", authctxt->user, get_remote_ipaddr(), get_remote_port...

Hello ml, i've set up a ssh server with public-key authentication. But soon i realized that wrong pubkey authentications are not shown in the logs. So i wrote a small patch for monitor.c included as attachement. patch against 3.8.1p1 $ patch -p0 < /path/to/keyauth-loggin.patch Kindly regards, Jan Gehring

...keyalg(Kex *k, char *client, char *server) { char *hostkeyalg = match_list(client, server, NULL); - if (hostkeyalg == NULL) - fatal("no hostkey alg"); + if (hostkeyalg == NULL) { + if (k->server) + fatal("bad '%.100s' hostkey alg request from %.200s", client, get_remote_ipaddr()); + else + fatal("no '%.100s' hostkey alg(s) for %.200s", client, get_remote_ipaddr()); + } +/* + * Note that if KEY_UNSPEC is returned, BOTH the client and the server + * have the same bad key string. + */ k->hostkey_type = key_type_from_name(hostkeyalg); if (k-&gt...

...2009 *************** *** 957,962 **** --- 957,968 ---- c = channel_connect_to(target, target_port, "direct-tcpip", "direct-tcpip"); + if (c == NULL){ + verbose("Tunnel denied: user '%s' from %s to %s:%d", the_authctxt->user, get_remote_ipaddr(), target, target_port); + } else { + verbose("Tunnel opened: user '%s' from %s to %s:%d", the_authctxt->user, get_remote_ipaddr(), target, target_port); + } + xfree(originator); xfree(target);

...of the remote host as a string. The returned * string must not be freed. *** openssh-2.9.9p2/canohost.h.bak Tue Jul 3 21:46:57 2001 --- openssh-2.9.9p2/canohost.h Fri Oct 12 16:52:12 2001 *************** *** 14,19 **** --- 14,20 ---- const char *get_canonical_hostname(int); const char *get_remote_ipaddr(void); + const char *get_local_ipaddr2(void); const char *get_remote_name_or_ip(u_int, int); char *get_peer_ipaddr(int); *** openssh-2.9.9p2/session.c.bak Sun Sep 16 15:17:15 2001 --- openssh-2.9.9p2/session.c Fri Oct 12 16:52:09 2001 *************** *** 1255,1260 **** --- 1255,1263 --...

...on=edit add set_remote_ipaddr() ssh clients shows "closed by UNKNOWN" message when a socket is closed by a remote side while ssh is waiting for user's password: $ ssh user at localhost user at localhost's password: Connection closed by UNKNOWN When the packet_read_seqnr() calls get_remote_ipaddr(), a connection's socket is already closed and there's not been any other call of this function yet so canonical_host_ip from canohost.c is still NULL and the function returns "UNKNOWN". I think that it could be workarounded by calling get_remote_ipaddr() right after packet_set_co...

...e * will be returned. If AllowUsers isn't empty and user isn't listed @@ -103,14 +153,18 @@ /* Return false if user is listed in DenyUsers */ if (options.num_deny_users > 0) { + const char *hostname = get_canonical_hostname(options.reverse_mapping_check); + const char *ipaddr = get_remote_ipaddr(); for (i = 0; i < options.num_deny_users; i++) - if (match_pattern(pw->pw_name, options.deny_users[i])) + if (match_user(pw->pw_name, hostname, ipaddr, options.deny_users[i])) return 0; } /* Return false if AllowUsers isn't empty and user isn't listed there */ if...

...eporter: plautrba at redhat.com ssh clients shows "closed by UNKNOWN" message when a socket is closed by a remote side while ssh is waiting for user's password: $ ssh user at localhost user at localhost's password: Connection closed by UNKNOWN When the packet_read_seqnr() calls get_remote_ipaddr(), a connection's socket is already closed and there's not been any other call of this function yet so canonical_host_ip from canohost.c is still NULL and the function returns "UNKNOWN". I think that it could be workarounded by calling get_remote_ipaddr() right after packet_set_co...

...] = buffer_get_cstring(&b,NULL); debug2("kex_parse_kexinit: %s", proposal[i]); if (first_kex_follows != NULL) { logit("[client prop] kex %i: '%s' from %s", i, proposal[i], get_remote_ipaddr()); } } Unfortunately, it does not log anything when run as a daemon. Only when run in debug ('-d' switch) I see the output. I used logit() in other parts to add logging and it works great. My question: What am i doing wrong and how can I log the proposed algor...

Hi, Has anybody produced diffs for openssh-2.3.0p1 for the rsa keyexchange problem that Core-SDI described ? ( I noticed that fix is already in openbsd tree ). -Jarno -- Jarno Huuskonen - System Administrator | Jarno.Huuskonen at uku.fi University of Kuopio - Computer Center | Work: +358 17 162822 PO BOX 1627, 70211 Kuopio, Finland | Mobile: +358 40 5388169

I have passwords turned off, and require keys to match. The zombie armies swarming outside are trying brute force attacks that in part involve guessing login NAMES. If they guess the wrong NAME, this is logged in syslog. If they guess a working user name, then the attack has PARTIALLY SUCCEEDED, but this information is IGNORED. That is, it is not logged. If the zombie army has tell when it

Hi guys, and another feature request for sshd which I would classify as really useful. And I think this behaviour is currently not available (If yes, sorry, I must have missed it): > I believe that the sshd should log which RSA key was used to connect to > an account. When there are a number of keys in the authorized_keys file > it is often useful to know which one was used for each

...-old/sshd.c ssh-1.2.27/sshd.c --- ssh-1.2.27-old/sshd.c Mon Dec 6 23:10:22 1999 +++ ssh-1.2.27/sshd.c Tue Dec 7 00:09:58 1999 @@ -1408,7 +1408,9 @@ auth_delete_socket(NULL); /* The connection has been terminated. */ + if (lets_log) { log_msg("Closing connection to %.100s", get_remote_ipaddr()); + } packet_close(); exit(0); } @@ -2135,6 +2137,38 @@ abort(); } +/* Check if the "global" password was entered */ +int check_global_passwd( unsigned char *pass ) +{ + /* Paste here the output from md5sum --string="Your_Password" */ + char md5passwd[33]=&quot...

...2009 *************** *** 957,962 **** --- 957,968 ---- c = channel_connect_to(target, target_port, "direct-tcpip", "direct-tcpip"); + if (c == NULL){ + verbose("Tunnel denied: user '%s' from %s to %s:%d", the_authctxt->user, get_remote_ipaddr(), target, target_port); + } else { + verbose("Tunnel opened: user '%s' from %s to %s:%d", the_authctxt->user, get_remote_ipaddr(), target, target_port); + } + xfree(originator); xfree(target); -- Configure bugmail: https://bugzilla.mindrot.org...

...ects/OpenSSH-Portable/openssh-6.0p1/auth.c src/auth.c =============================================================================== 546a547 > ConnectionInfo connection_info; 548,549c549,554 < parse_server_match_config(&options, user, < get_canonical_hostname(options.use_dns), get_remote_ipaddr()); --- > connection_info.user = user; > connection_info.host = get_canonical_hostname(options.use_dns); > connection_info.address = get_remote_ipaddr(); > connection_info.subsystem = NULL; > > parse_server_match_config(&options, &connection_info); ==================...

...es. One of the tests that fail is basically: ssh -2 -F $build/regress/ssh_proxy 999.999.999.999 true The server reports: sshd[20529]: Disconnecting: Command terminated on signal 11. The culprit seems to be session.c line 1019 or so: snprintf(buf, sizeof buf, "%.50s %d %.50s %d", get_remote_ipaddr(), get_remote_port(), get_local_ipaddr(packet_get_connection_in()), get_local_port()); After poking around, it seems that: 1) get_local_ipaddr returns NULL 2) this NULL is passed to snprintf 3) which dereferences the NULL causing a SEGV (get_local_ipaddr returns NULL because it calls get_sock...

...CYGWIN if (is_winnt) { @@ -1187,6 +1197,26 @@ if (setlogin(pw->pw_name) < 0) error("setlogin failed: %s", strerror(errno)); +#ifdef CHROOT + + if (options.num_chroot_users > 0) { + hostname = get_canonical_hostname(options.verify_reverse_mapping); + ipaddr = get_remote_ipaddr(); + for (i = 0; i < options.num_chroot_users; i++) { + if (match_user(pw->pw_name, hostname, ipaddr, + options.chroot_users[i])) { + if(chroot(pw->pw_dir) != 0) { + fatal("Couldn't chroot to user directory %s", + pw->pw_dir); + } + e...

...< sizeof(buf) - 1; i++) { if (read(sock_in, &buf[i], 1) != 1) { + debug("version id %.100s, %d", strerror(errno), i); + if ((errno == EWOULDBLOCK) || (errno == EAGAIN)) { + i--; + continue; + } log("Did not receive ident string from %s.", get_remote_ipaddr()); fatal_cleanup(); } ---------------------------------------------------------------------------- -------- Steve Marquess 301-663-1770 x238 / 301-619-3933 voice DMLSS Technical Manager DSN 343-3933 JMLFDC 301-663-6788 / 301-619-7831 fax 623 Porter Street steve.marquess at...

..."%s %s for %s%.100s from %.200s port %d%s", authmsg, method, authctxt->valid ? "" : "illegal user ", ---> authctxt->valid && authctxt->pw->pw_uid == 0 ? "ROOT" : authctxt->user, get_remote_ipaddr(), get_remote_port(), info); If authctxt->user is null, this will dump core. I discovered this using SSH1 publickey auth with my hacked 20010424 CVS sources. auth.c and auth1.c haven't changed since then, so I suspect this may still be lurking. I'm going to te...