Date: Thu, 9 Jun 2005 14:42:44 -0400
From: Charles Swiger <cswiger@mac.com>
To: "Eugene M. Minkovskii" <emin@mccme.ru>
Cc: freebsd-questions@freebsd.org
Subject: Re: (fwd) sshd events
Message-ID: <9962013F-5D26-4A95-95C2-6C0E8EB20235@mac.com>
In-Reply-To: <20050609131223.GA18795@mccme.ru>
References: <20050609131223.GA18795@mccme.ru>
On Jun 9, 2005, at 9:12 AM, Eugene M. Minkovskii wrote:
> I put some users into AllowGroups, in logs I can read something
> like this: "User xxx not allowed because none of user's groups
> are listed in AllowGroups", and I can't see from what IP I got
> this request.)
OK. Consider something like (watch linewrapping):
--- openssh/auth.c_orig Thu Jun 9 14:25:48 2005
+++ openssh/auth.c Thu Jun 9 14:27:36 2005
@@ -198,8 +198,8 @@
if (!ga_match(options.allow_groups,
options.num_allow_groups)) {
ga_free();
- logit("User %.100s not allowed
because none of user's groups are listed in AllowGroups",
- pw->pw_name);
+ logit("User %.100s from IP %.100s not
allowed because none of user's groups are listed in AllowGroups",
+ pw->pw_name, get_remote_ipaddr());
return 0;
}
ga_free();
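Review bot: the two logit() format strings are split mid-literal by mail line wrapping (`logit("User %.100s not allowed` / `because none of user's groups ...`), so the hunk will not apply as pasted; re-send with each `logit(...)` call on one line, or split the literal with C adjacent-string concatenation so it survives wrapping, e.g. `logit("User %.100s from IP %.100s not allowed " "because none of user's groups are listed in AllowGroups", pw->pw_name, get_remote_ipaddr());`. The `%.100s` width is enough for a textual IPv6 address; if you want the entry to line up with sshd's other per-connection messages, consider adding the remote port (get_remote_port() in canohost.c) next to the address.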
> Moreover, I think parsing auth.log is not a beautiful idea. Can
> sshd do some actions after it allows or denies a connection? Can it
> run some script with some arguments?
While you could do something like have sshd execl() some script upon
a denied connection, it's not likely to be a great idea: the
potential for DoS'ing sshd by creating lots of bad connections would
be pretty easy.
Anyway, you've got the source, it's in /usr/src/crypto/openssh. :-)
--
-Chuck
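Since the thread's point is that the stock AllowGroups denial carries no source address, here is an added example (not from the thread or from OpenSSH) that reads both the stock and the patched form of that message out of auth.log and tallies denials per source address; the log lines are constructed for the example.

```python
import re
from collections import Counter

# Constructed syslog-style auth.log lines: one in the stock OpenSSH format
# (no address), three in the patched "from IP <addr>" format, and one
# unrelated accepted login that must be ignored.
SAMPLE_AUTH_LOG = """\
Jun  9 14:30:01 host sshd[1201]: User alice not allowed because none of user's groups are listed in AllowGroups
Jun  9 14:30:05 host sshd[1203]: User bob from IP 192.0.2.10 not allowed because none of user's groups are listed in AllowGroups
Jun  9 14:30:09 host sshd[1205]: User carol from IP 192.0.2.10 not allowed because none of user's groups are listed in AllowGroups
Jun  9 14:30:12 host sshd[1207]: Accepted publickey for dave from 198.51.100.7 port 51022 ssh2
Jun  9 14:30:20 host sshd[1209]: User erin from IP 2001:db8::5 not allowed because none of user's groups are listed in AllowGroups
"""

# Matches both message forms: the "from IP <addr>" part is optional so the
# parser keeps working on hosts that run an unpatched sshd.
ALLOWGROUPS_DENY = re.compile(
    r"sshd\[(?P<pid>\d+)\]: User (?P<user>\S+)(?: from IP (?P<ip>\S+))? "
    r"not allowed because none of user's groups are listed in AllowGroups$"
)


def parse_allowgroups_denials(log_text):
    """Return one dict per AllowGroups denial; 'ip' is None for stock-format lines."""
    events = []
    for line in log_text.splitlines():
        m = ALLOWGROUPS_DENY.search(line)
        if m:
            events.append({"pid": int(m.group("pid")),
                           "user": m.group("user"),
                           "ip": m.group("ip")})
    return events


def denials_per_ip(events):
    """Count denials per source address; address-less events land under 'unknown'."""
    return Counter(e["ip"] or "unknown" for e in events)


if __name__ == "__main__":
    for ip, n in denials_per_ip(parse_allowgroups_denials(SAMPLE_AUTH_LOG)).most_common():
        print(f"{ip:>16}  {n}")
```

The "unknown" bucket is exactly the gap the patch closes: without the address in the message, repeated denials cannot be attributed to a client at all.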