Subject: Re: OpenSSH HPN
To: Dag-Erling Smørgrav
Cc: freebsd-security@freebsd.org, freebsd-current@freebsd.org
From: Willem Jan Withagen
Organization: Digiware Management b.v.
Message-ID: <5641D00E.501@digiware.nl>
Date: Tue, 10 Nov 2015 12:07:58 +0100

On 10-11-2015 11:55, Dag-Erling Smørgrav wrote:
> Willem Jan Withagen writes:
>> I know I've installed the ports once to see if, and how I would be
>> able to add more IP-address info to some of the warnings and
>> errors. And then to get those errors recognised by tools like sshguard
>> and fail2ban.
>
> Do you mean logging IP addresses instead of hostnames? Just turn off
> UseDNS. It is off by default since 6.8.

No not really....
Digging in my logfiles .... , and it's things like:

    sshd[84942]: Disconnecting: Too many authentication failures [preauth]

So errors/warnings without IP-nr.
And I think I fixed it on one server to also write:

    error: maximum authentication attempts exceeded for root from 173.254.203.88 port 1042 ssh2 [preauth]

Which when I found out that upstreaming patches from base will be hard,
because the whole logging in the ports version is totally different.

> If you mean adding IP addresses or hostnames to messages that don't
> already have them, try suggesting it on the openssh-portable mailing
> list (openssh-unix-dev@mindrot.org).

Are they still willing to accept changes to the old version that is
currently in base?

--WjW
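An added example, not part of the original message or of sshguard/fail2ban: a log consumer can only attribute the "Too many authentication failures" line to a peer if an earlier line from the same sshd PID carried the address, whereas the patched message is attributable on its own. The "Failed password" lines, the PIDs 85001 and 85010, and the 203.0.113.7 address are constructed sample data; the function name is hypothetical.

```python
import re
from collections import Counter

# The "Disconnecting" and "maximum authentication attempts" messages are the two
# quoted in the message above; every other line, PID and the 203.0.113.7 address
# (documentation range) are constructed for this example.
SAMPLE = """\
sshd[84942]: Failed password for root from 203.0.113.7 port 51122 ssh2
sshd[84942]: Failed password for root from 203.0.113.7 port 51122 ssh2
sshd[84942]: Disconnecting: Too many authentication failures [preauth]
sshd[85001]: Disconnecting: Too many authentication failures [preauth]
sshd[85010]: error: maximum authentication attempts exceeded for root from 173.254.203.88 port 1042 ssh2 [preauth]
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)")
PEER = re.compile(r"\bfrom (?P<ip>[0-9A-Fa-f:.]+) port \d+")
LIMIT = re.compile(
    r"Too many authentication failures|maximum authentication attempts exceeded"
)


def attribute(log_text):
    """Return (offenders, unattributed): a Counter mapping peer address to the
    number of limit-exceeded events, and the PIDs whose event had no known peer."""
    peer_by_pid = {}   # last peer address seen for each sshd child PID
    offenders = Counter()
    unattributed = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        peer = PEER.search(msg)
        if peer:
            peer_by_pid[pid] = peer["ip"]
        if LIMIT.search(msg):
            # Prefer an address on the line itself, else fall back to the PID.
            ip = peer["ip"] if peer else peer_by_pid.get(pid)
            if ip:
                offenders[ip] += 1
            else:
                unattributed.append(pid)
    return offenders, unattributed


if __name__ == "__main__":
    print(attribute(SAMPLE))
```

PIDs are recycled over time, so a long-running consumer should drop a PID's entry once that session's disconnect line has been seen.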