| Summary: | INFO logging fails for client with mis-configured DNS | ||
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | paul |
| Component: | sftp-server | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | CLOSED WORKSFORME | ||
| Severity: | security | CC: | djm |
| Priority: | P5 | ||
| Version: | 5.3p1 | ||
| Hardware: | amd64 | ||
| OS: | Linux | ||
I'm pretty sure that the DNS warnings are not the cause of the missing logs - we certainly don't suppress logs after that message. Could you try reproducing this with a recent sshd? There have been quite a few improvements in how log messages are handled.

~5yrs with no followup = no bug

close bugs that were resolved in OpenSSH 8.5 release cycle
I'm running an openssh server with internal-sftp and an sftponly group whose members can only sftp into a chroot environment. I've specified INFO level logging and added a rule to rsyslog so that I get file level event logging. One client connected and I didn't get any logging for opendir, closedir, open or close events. I did get a reverse mapping error:

```
2014-11-24 13:23:06 host1 sshd[7527]: reverse mapping checking getaddrinfo for a-b-c-d-static.hfc.comcastbusiness.net [a.b.c.d] failed - POSSIBLE BREAK-IN ATTEMPT!
2014-11-24 13:23:12 host1 sshd[7527]: Accepted publickey for bob from a.b.c.d port 56663 ssh2
2014-11-24 13:23:12 host1 sshd[7527]: pam_unix(sshd:session): session opened for user bob by (uid=0)
2014-11-24 13:23:12 host1 sshd[7536]: subsystem request for sftp
```

I was able to reproduce this behavior by setting up an instance of bind9 with mismatched A and PTR entries. Setting "UseDNS=no" in sshd_config seems to be the workaround. I realize that UseDNS=no is or will be the default, and that there's a standing feature request regarding sftp-server logging; I'm reporting this in case someone thinks the behavior merits investigation. Misconfigured client DNS is no reason to suppress event logging.
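To audit for the symptom described in this report, the following added example (not part of the bug report or of OpenSSH) scans syslog lines for sftp subsystem requests that are not followed by any file-level sftp events. It assumes the timestamp layout shown in the excerpt above and that file events are tagged `internal-sftp` or `sftp-server`; the function names, the 30-second window and the second session in the sample are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Timestamp / host / process[pid] layout copied from the log excerpt in the report.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) ([\w-]+)\[(\d+)\]: (.*)$")
SFTP_PROCS = {"internal-sftp", "sftp-server"}  # assumed tags on file-level event lines

def parse(lines):
    """Yield (time, host, proc, pid, msg) for every line in the expected layout."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(2), m.group(3), int(m.group(4)), m.group(5)

def sftp_logging_gaps(lines, window=timedelta(seconds=30)):
    """Return a finding for each sftp subsystem request with no sftp events after it."""
    events = list(parse(lines))
    findings = []
    for ts, host, proc, pid, msg in events:
        if proc != "sshd" or not msg.startswith("subsystem request for sftp"):
            continue
        # Heuristic: correlate by host and time, not by pid. Concurrent sessions
        # inside the window can mask a gap, so treat a clean result with care.
        nearby = [e for e in events if e[1] == host and abs(e[0] - ts) <= window]
        if any(e[2] in SFTP_PROCS and e[0] >= ts for e in nearby):
            continue
        dns_warning = any(e[2] == "sshd" and e[0] <= ts
                          and e[4].startswith("reverse mapping checking") for e in nearby)
        findings.append({"time": ts, "host": host, "pid": pid,
                         "reverse_mapping_warning": dns_warning})
    return findings

# First four lines are from the report; the second session is constructed sample data.
SAMPLE = """\
2014-11-24 13:23:06 host1 sshd[7527]: reverse mapping checking getaddrinfo for a-b-c-d-static.hfc.comcastbusiness.net [a.b.c.d] failed - POSSIBLE BREAK-IN ATTEMPT!
2014-11-24 13:23:12 host1 sshd[7527]: Accepted publickey for bob from a.b.c.d port 56663 ssh2
2014-11-24 13:23:12 host1 sshd[7527]: pam_unix(sshd:session): session opened for user bob by (uid=0)
2014-11-24 13:23:12 host1 sshd[7536]: subsystem request for sftp
2014-11-24 14:05:01 host1 sshd[8001]: Accepted publickey for alice from 192.0.2.10 port 40112 ssh2
2014-11-24 14:05:02 host1 sshd[8010]: subsystem request for sftp
2014-11-24 14:05:02 host1 internal-sftp[8011]: session opened for local user alice from [192.0.2.10]
2014-11-24 14:05:03 host1 internal-sftp[8011]: opendir "/"
2014-11-24 14:05:03 host1 internal-sftp[8011]: closedir "/"
"""

if __name__ == "__main__":
    for finding in sftp_logging_gaps(SAMPLE.splitlines()):
        print(finding)
```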