Date: Tue, 10 Nov 2015 11:12:35 -0500
From: Allan Jude <allanjude@freebsd.org>
To: freebsd-current@freebsd.org
Subject: Re: OpenSSH HPN
Message-ID: <56421773.6030101@freebsd.org>
In-Reply-To: <1447171330.3672217.435085401.40D8E7F2@webmail.messagingengine.com>
References: <86io5a9ome.fsf@desk.des.no> <5641BFC4.7050208@digiware.nl> <86a8qm9l9b.fsf@desk.des.no> <5641D00E.501@digiware.nl> <86611a9kj6.fsf@desk.des.no> <5641D419.5090103@digiware.nl> <1447171330.3672217.435085401.40D8E7F2@webmail.messagingengine.com>

On 2015-11-10 11:02, Mark Felder wrote:
>
>
> On Tue, Nov 10, 2015, at 05:25, Willem Jan Withagen wrote:
>> On 10-11-2015 12:11, Dag-Erling Smørgrav wrote:
>>> Willem Jan Withagen <wjw@digiware.nl> writes:
>>>> Digging in my logfiles .... , and it's things like:
>>>> sshd[84942]: Disconnecting: Too many authentication failures [preauth]
>>>>
>>>> So errors/warnings without IP-nr.
>>>>
>>>> And I think I fixed it on one server to also write:
>>>> error: maximum authentication attempts exceeded for root from
>>>> 173.254.203.88 port 1042 ssh2 [preauth]
>>>
>>> fail2ban should catch both of these since sshd will print a message for
>>> each failed authentication attempt before it prints a message about
>>> reaching the limit.
>>
>> It's already too long to remember the full facts, but when I was looking
>> at the parser in sshguard, I think I noticed that certain accesses
>> weren't logged and added some more logging rules to catch those.
>>
>> What I still have lingering is this snippet:
>> Index: crypto/openssh/packet.c
>> ===================================================================
>> --- crypto/openssh/packet.c (revision 289060)
>> +++ crypto/openssh/packet.c (working copy)
>> @@ -1128,8 +1128,10 @@
>> logit("Connection closed by %.200s",
>> get_remote_ipaddr());
>> cleanup_exit(255);
>> }
>> - if (len < 0)
>> + if (len < 0) {
>> + logit("Read from socket failed: %.200s",
>> get_remote_ipaddr());
>> fatal("Read from socket failed: %.100s",
>> strerror(errno));
>> + }
>> /* Append it to the buffer. */
>> packet_process_incoming(buf, len);
>> }
>>
>> But like I said: The code I found at openssh was so totally different
>> that I did not continue this track, but chose to start running openssh
>> from ports. Which does not generate warnings I have questions about the
>> originating ip-nr.
>>
>>>> Are they still willing to accept changes to the old version that is
>>>> currently in base?
>>>
>>> No, why would they do that?
>>
>> Exactly my question....
>> I guess I misinterpreted your suggestion on upstreaming patches.
>>
>> --WjW
>>
>
> I honestly think everyone would be better served by porting blacklistd
> from NetBSD than trying to increase verbosity for log files.
>
>

I have been using HPN + NONE for a few years and find them quite useful,
but it is easier to install openssh-portable and run that than to
recompile the base system to enable the NONE cipher, so I have no
objection to removing the patches from base.

The useful logging feature that comes with the newer version of openssh
is logging which SSH key the user authenticated with.

--
Allan Jude
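
Review bot: in the `len < 0` branch the added logit() call, and the get_remote_ipaddr() call inside it, run before fatal() evaluates strerror(errno), so unless both are known to preserve errno the fatal message can report a different error than the one the failed read set. Save errno in a local before logging and restore it before the fatal() call. The two messages also share the prefix "Read from socket failed:" while carrying different fields (peer address in one, error string in the other), which makes them hard to tell apart in a log-parser rule; a distinct wording for the new line, such as `logit("Read from socket failed from %.200s", get_remote_ipaddr());`, would avoid that.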
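
The point made in the quoted exchange, that a limit message logged without an address can still be tied to a peer through earlier messages from the same sshd process, shown as an added example that is not part of the original message and is not fail2ban or sshguard code. The log lines are constructed (RFC 5737 addresses), the function name is hypothetical, and it assumes IPv4 peers and that every message for one connection is logged under the same sshd PID.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the thread); addresses are RFC 5737
# documentation ranges. PID 84961 never logs an address, which is the case
# the thread complains about.
SAMPLE_LOG = """\
Nov 10 11:00:01 host sshd[84942]: Failed password for root from 203.0.113.7 port 1042 ssh2
Nov 10 11:00:03 host sshd[84942]: Failed password for root from 203.0.113.7 port 1042 ssh2
Nov 10 11:00:05 host sshd[84942]: Disconnecting: Too many authentication failures [preauth]
Nov 10 11:00:09 host sshd[84950]: error: maximum authentication attempts exceeded for root from 198.51.100.23 port 2201 ssh2 [preauth]
Nov 10 11:00:12 host sshd[84961]: Disconnecting: Too many authentication failures [preauth]
"""

SSHD = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
PEER = re.compile(r"\bfrom (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+")
LIMIT = re.compile(r"Too many authentication failures"
                   r"|maximum authentication attempts exceeded")


def attribute_limit_events(log_text):
    """Tie each "limit reached" message to a peer address.

    Returns (per_ip, orphans): per_ip maps address -> number of limit
    events, orphans lists PIDs whose limit message had no address on the
    line itself or on any earlier line from the same sshd PID.
    """
    last_ip = {}                 # sshd PID -> most recent peer address seen
    per_ip = defaultdict(int)
    orphans = []
    for line in log_text.splitlines():
        m = SSHD.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        peer = PEER.search(msg)
        if peer:
            last_ip[pid] = peer["ip"]
        if LIMIT.search(msg):
            if pid in last_ip:
                per_ip[last_ip[pid]] += 1
            else:
                orphans.append(pid)   # cannot be blocked from the log alone
    return dict(per_ip), orphans


if __name__ == "__main__":
    print(attribute_limit_events(SAMPLE_LOG))
```

The orphan list is the set of events a log-driven blocker cannot act on; PIDs are reused over time, so a long-running parser would also need to expire `last_ip` entries.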