Bug 909

Summary:

AllowUsers denied access does not log IP address

Product:

Portable OpenSSH

Reporter:

Stephen Woodbridge <woodbri>

Component:

sshd

Assignee:

OpenSSH Bugzilla mailing list <openssh-bugs>

Status:

CLOSED FIXED

Severity:

normal

Priority:

Version:

-current

Hardware:

All

OS:

All

Attachments:

Description	Flags
add source address/hostname to log messages.	none

Description Stephen Woodbridge 2004-08-05 12:44:01 AEST

log messages do not include orginating IP address for messages like:

Aug  2 21:09:48 maps sshd[4468]: User root not allowed because not listed in
AllowUsers

Using version:
OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3, SSH protocols 1.5/2.0, OpenSSL 0x0090603f

This is a serious security omission, because you can not track, report and/or
block hosts that are trying to access your system. I realize that only allowing
specific hosts would be a better security alternative, but this is not always an
alternative when I am travelling and need remote access to my system.

Comment 1 Darren Tucker 2005-01-20 23:22:56 AEDT

Created attachment 779 [details]
add source address/hostname to log messages.

Please try this patch (against OpenBSD but will apply to 3.9p1 with fuzz).

The log messages look like:
User dtucker from host.some.net not allowed because listed in DenyUsers

Comment 2 Darren Tucker 2005-01-22 19:27:42 AEDT

Patch has been applied to OpenBSD and will make it into Portable's snaps
sometime soon.  It will be in the next major release.  Thanks for the report.

Comment 3 Darren Tucker 2006-10-07 11:36:40 AEST

Change all RESOLVED bug to CLOSED with the exception of the ones fixed post-4.4.