Displaying 6 results from an estimated 6 matches for "ssh_remote_ipaddr".
Did you mean:
set_remote_ipaddr
2024 Jun 01
1
OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
...66,11 +266,11 @@ process_input(struct ssh *ssh, int connection_in)
if (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK)
return 0;
if (errno == EPIPE) {
- verbose("Connection closed by %.100s port %d",
+ logit("Connection closed by %.100s port %d",
ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
return -1;
}
- verbose("Read error from remote host %s port %d: %s",
+ logit("Read error from remote host %s port %d: %s",
ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
strerror(errno));
cleanup_exit(255);
2024 May 31
1
OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
On Thu, May 30, 2024 at 6:02?PM Opty <opty77 at gmail.com> wrote:
> On Thu, May 30, 2024 at 3:03?AM Damien Miller <djm at mindrot.org> wrote:
> > On Wed, 29 May 2024, Opty wrote:
> > > On Mon, May 27, 2024 at 4:18?AM Damien Miller <djm at mindrot.org> wrote:
> > > > Yeah, you're adding a new thing that will be logged. IMO you should
> >
2024 Jun 01
1
OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
...= EWOULDBLOCK)
> return 0;
> if (errno == EPIPE) {
> - verbose("Connection closed by %.100s port %d",
> + logit("Connection closed by %.100s port %d",
> ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
> return -1;
> }
> - verbose("Read error from remote host %s port %d: %s",
> + logit("Read error from remote host %s port %d: %s",
> ssh_remote_ipa...
2022 Nov 05
1
[PATCH] Class-imposed login restrictions
...#ifdef BSD_AUTH
auth_session_t *as;
#endif
@@ -510,6 +513,21 @@ getpwnamallow(struct ssh *ssh, const char *user)
debug("unable to get login class: %s", user);
return (NULL);
}
+#ifdef HAVE_AUTH_HOSTOK
+ from_host = auth_get_canonical_hostname(ssh, options.use_dns);
+ from_ip = ssh_remote_ipaddr(ssh);
+ if (!auth_hostok(lc, from_host, from_ip)) {
+ debug("Denied connection for %.200s from %.200s [%.200s].",
+ pw->pw_name, from_host, from_ip);
+ return (NULL);
+ }
+#endif /* HAVE_AUTH_HOSTOK */
+#ifdef HAVE_AUTH_TIMEOK
+ if (!auth_timeok(lc, time(NULL))) {
+ debug("...
2020 Mar 11
6
[PATCH 0/1] *** SUBJECT HERE ***
Hi,
sifting through my system's logs, I noticed many break-in attempts by
rogue ssh clients trying long lists of common passwords. For some time
now I pondered different approaches to counter these, but could not come
up with a solution that really satisfied me.
I finally reached the conclusion that any countermeasures required
support in sshd itself, and created the attached patch. If
2018 Dec 10
2
[PATCH] cleanup of global variables server/client_version_string in sshconnect.c
In sshconnect.c there are two global variables for server_version_string
client_version_string.
These are used just in a few functions and can easily be passed as
parameters.
Also, there is a strange construct, where their memory is allocated to
the global pointers, then copies of these pointers are assigned to the
kex structure. The kex_free finally frees them via cleanup of the kex