Bug 2613

Summary: Log connections dropped when MaxStartups is reached
Product: Portable OpenSSH
Reporter: Tomas Kuthan <tomas.kuthan>
Component: sshd
Assignee: Damien Miller <djm>
Status: CLOSED FIXED
Severity: trivial
CC: djm, dtucker
Priority: P5
Version: 7.3p1
Hardware: SPARC
OS: Solaris
Bug Depends on:
Bug Blocks: 2594
Attachments (Description: Flags):
Log dropped connections: none
log addresses too: dtucker: ok+

Description Tomas Kuthan 2016-09-10 00:53:04 AEST
When MaxStartups of unauthenticated concurrent connections is hit, additional connections are dropped.

Dropped connections should be logged.

Server administrator should be able to find this information and might be interested in details.
Comment 1 Tomas Kuthan 2016-09-10 00:54:55 AEST
Created attachment 2873
Log dropped connections
Comment 2 Darren Tucker 2016-10-21 03:33:47 AEDT
Comment on attachment 2873
Log dropped connections

>+				logit("MaxStartups: dropping connection #%d",
>+				    startups);
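
Review bot: The logit() message on these lines carries only the startups count and no peer address, so an administrator reading the log cannot tell which client was dropped. Consider adding the remote address and port to the format string, and, since the message is emitted once per dropped connection, consider a lower log level so a connection flood does not fill the log.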

The connection identifier is included in this log message so syslog won't be able to dedupe it.  Not sure if that's significant, though.
Comment 3 Damien Miller 2016-12-09 12:34:54 AEDT
Created attachment 2907
log addresses too

This logs the endpoint addresses too and downgrades the message to verbose() - IMO it could be pretty spammy during a DoS
Comment 4 Darren Tucker 2016-12-09 13:35:57 AEDT
Comment on attachment 2907
log addresses too

>+				verbose("drop connection #%d from [%s]:%d "
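
Review bot: verbose() on this line means the drop is not written at sshd's default LogLevel of INFO, so administrators see nothing unless they raise LogLevel to VERBOSE. Worth stating that in the sshd_config(5) text for MaxStartups so the message can be found when it is needed.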

Won't that be wrong (or at least misleading) for IPv6 addresses?
Comment 5 Darren Tucker 2016-12-09 13:39:30 AEDT
Comment on attachment 2907
log addresses too

[127.0.0.1]:22 vs [::1]:22

Never mind, I withdraw that bogus objection.
Comment 6 Damien Miller 2016-12-09 14:04:46 AEDT
patch applied; this will be in OpenSSH 7.4
Comment 7 Damien Miller 2021-04-23 14:54:59 AEST
closing resolved bugs as of 8.6p1 release
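
An added example, not part of the original thread or of OpenSSH: a small log reader that counts MaxStartups drops per source address, using only the message prefix quoted in comment 4 (`drop connection #%d from [%s]:%d`). The syslog prefix, host name, PID and addresses in the sample are constructed, and anything the real message prints after the source endpoint is ignored.

```python
import re
from collections import Counter

# Only the prefix visible in the thread is matched. Anchoring on the sshd
# syslog tag keeps the pattern from matching the same words inside some
# other message body. The bracketed address form discussed in comment 5
# keeps IPv6 colons apart from the port.
DROP_RE = re.compile(
    r"sshd\[\d+\]: drop connection #(\d+) from \[([^\]]+)\]:(\d+)"
)

# Constructed sample input (documentation address ranges, made-up host/PID).
SAMPLE_LOG = """\
Dec  9 14:10:01 host sshd[811]: drop connection #10 from [192.0.2.7]:50122
Dec  9 14:10:01 host sshd[811]: drop connection #10 from [192.0.2.7]:50124
Dec  9 14:10:02 host sshd[811]: drop connection #11 from [2001:db8::5]:40022
Dec  9 14:10:02 host sshd[811]: Accepted publickey for alice from 198.51.100.3 port 2200 ssh2
Dec  9 14:10:03 host sshd[811]: drop connection #12 from [192.0.2.7]:50130
"""

def parse_drops(text):
    """Return (number, source_address, source_port) for each drop line."""
    drops = []
    for line in text.splitlines():
        m = DROP_RE.search(line)
        if m:
            drops.append((int(m.group(1)), m.group(2), int(m.group(3))))
    return drops

def drops_by_source(text):
    """Count dropped connections per source address, ignoring the port."""
    return Counter(addr for _, addr, _ in parse_drops(text))

def noisy_sources(text, threshold):
    """Sources with at least `threshold` drops, most frequent first."""
    ranked = drops_by_source(text).most_common()
    return [(addr, n) for addr, n in ranked if n >= threshold]

if __name__ == "__main__":
    for addr, count in noisy_sources(SAMPLE_LOG, threshold=1):
        print(f"{count:4d}  {addr}")
```

Because the applied patch logs through verbose(), these lines only appear when sshd runs with LogLevel VERBOSE or higher.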