Date: Thu, 9 Jun 2005 14:42:44 -0400
From: Charles Swiger <cswiger@mac.com>
To: "Eugene M. Minkovskii" <emin@mccme.ru>
Cc: freebsd-questions@freebsd.org
Subject: Re: (fwd) sshd events
Message-ID: <9962013F-5D26-4A95-95C2-6C0E8EB20235@mac.com>
In-Reply-To: <20050609131223.GA18795@mccme.ru>
References: <20050609131223.GA18795@mccme.ru>

On Jun 9, 2005, at 9:12 AM, Eugene M. Minkovskii wrote:
> I put some users into AllowGroups, in logs I can read something
> like this: "User xxx not allowed because none of user's groups
> are listed in AllowGroups", and I can't see from what IP I got
> this request.)

OK. Consider something like (watch linewrapping):

--- openssh/auth.c_orig Thu Jun 9 14:25:48 2005 +++ openssh/auth.c Thu Jun 9 14:27:36 2005 @@ -198,8 +198,8 @@ if (!ga_match(options.allow_groups, options.num_allow_groups)) { ga_free(); - logit("User %.100s not allowed because none of user's groups are listed in AllowGroups", - pw->pw_name); + logit("User %.100s from IP %.100s not allowed because none of user's groups are listed in AllowGroups", + pw->pw_name, get_remote_ipaddr()); return 0; } ga_free();

> Moreover, I think parsing auth.log is not beautiful idea. Can
> sshd do some actions after he allow or deny connection? Can he
> run some script with some arguments?

While you could do something like have sshd execl() some script upon a denied connection, it's not likely to be a great idea: the potential for DoS'ing sshd by creating lots of bad connections, would be pretty easy.

Anyway, you've got the source, it's in /usr/src/crypto/openssh. :-)

-- 
-Chuck
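
Review bot: In the added logit() call, placing "from IP %.100s" between the user name and "not allowed" changes the start of the message, so anything already matching auth.log on "User xxx not allowed because" stops matching; appending the address at the end of the string would keep the old text intact as a prefix. The format string was already one long line and is now longer, which is what makes the patch sensitive to the line wrapping the message warns about; splitting the literal into two adjacent string constants would avoid that.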