Bug 2613 - Log connections dropped when MaxStartups is reached
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 7.3p1
Hardware: SPARC Solaris
Importance: P5 trivial
Assignee: Damien Miller
Blocks: V_7_4
Reported: 2016-09-10 00:53 AEST by Tomas Kuthan
Modified: 2021-04-23 14:54 AEST

Attachments
Log dropped connections (347 bytes, patch)
2016-09-10 00:54 AEST, Tomas Kuthan
log addresses too (650 bytes, patch)
2016-12-09 12:34 AEDT, Damien Miller
dtucker: ok+

Description Tomas Kuthan 2016-09-10 00:53:04 AEST
When MaxStartups of unauthenticated concurrent connections is hit, additional connections are dropped.

Dropped connections should be logged.

Server administrator should be able to find this information and might be interested in details.
Comment 1 Tomas Kuthan 2016-09-10 00:54:55 AEST
Created attachment 2873
Log dropped connections
Comment 2 Darren Tucker 2016-10-21 03:33:47 AEDT
Comment on attachment 2873
Log dropped connections

>+				logit("MaxStartups: dropping connection #%d",
>+				    startups);
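
Review bot: the only value in this logit() format string is `startups`, so the entry does not say which peer was dropped; add the remote address and port so an administrator can attribute the drops. Because logit() writes at sshd's default log level and this call runs once per dropped connection, a burst of connections produces a matching burst of log lines, so consider a lower-priority level for the message.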

The connection identifier is included in this log message so syslog won't be able to dedupe it.  Not sure if that's significant, though.
Comment 3 Damien Miller 2016-12-09 12:34:54 AEDT
Created attachment 2907
log addresses too

This logs the endpoint addresses too and downgrades the message to verbose() - IMO it could be pretty spammy during a DoS
Comment 4 Darren Tucker 2016-12-09 13:35:57 AEDT
Comment on attachment 2907
log addresses too

>+				verbose("drop connection #%d from [%s]:%d "
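
Review bot: verbose() on this line is below sshd's default LogLevel of INFO, so a default configuration records nothing when MaxStartups drops a connection. The MaxStartups entry in sshd_config(5) should state that LogLevel VERBOSE is needed to see these messages.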

won't that be wrong (or at least misleading) for IPv6 addresses?
Comment 5 Darren Tucker 2016-12-09 13:39:30 AEDT
Comment on attachment 2907
log addresses too

[127.0.0.1]:22 vs [::1]:22

never mind, I withdraw that bogus objection.
Comment 6 Damien Miller 2016-12-09 14:04:46 AEDT
patch applied; this will be in OpenSSH 7.4
Comment 7 Damien Miller 2021-04-23 14:54:59 AEST
closing resolved bugs as of 8.6p1 release
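
The message format discussed in comments 3 to 5 can be consumed for monitoring as sketched here; this is an added example, not code from the bug thread or from OpenSSH. It matches only the part of the format string quoted in comment 4, and the syslog prefix and sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Only the part of the format string quoted in comment 4 is matched:
#   "drop connection #%d from [%s]:%d "
# The traditional syslog prefix is an assumption. The pattern is anchored to
# the start of the sshd message so the phrase inside other text is not counted.
DROP_RE = re.compile(
    r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"drop connection #(\d+) from \[([^\]]+)\]:(\d+) ")

# Constructed sample lines (not captured from a real sshd); the text after
# the source port is a placeholder because the page does not show it.
SAMPLE_LOG = """\
Dec  9 14:10:01 host sshd[811]: drop connection #10 from [192.0.2.7]:50112 <rest of message>
Dec  9 14:10:01 host sshd[811]: drop connection #10 from [192.0.2.7]:50113 <rest of message>
Dec  9 14:10:02 host sshd[811]: drop connection #11 from [2001:db8::5]:40022 <rest of message>
Dec  9 14:10:02 host sshd[811]: Accepted publickey for alice from 198.51.100.4 port 51000 ssh2
Dec  9 14:10:03 host sshd[811]: drop connection #10 from [192.0.2.7]:50114 <rest of message>
Dec  9 14:10:04 host app[9]: saw 'drop connection #1 from [203.0.113.9]:1 ' in input
"""


def parse_drop(line):
    """Return (startups, source_addr, source_port), or None for other lines."""
    m = DROP_RE.match(line)
    if m is None:
        return None
    # The brackets delimit the address, so IPv6 colons are not read as a port.
    return int(m.group(1)), m.group(2), int(m.group(3))


def drops_by_source(lines):
    """Count dropped connections per source address."""
    counts = Counter()
    for line in lines:
        parsed = parse_drop(line)
        if parsed is not None:
            counts[parsed[1]] += 1
    return counts


def noisy_sources(lines, threshold):
    """Sources with at least `threshold` drops, most frequent first."""
    return [(addr, n) for addr, n in drops_by_source(lines).most_common()
            if n >= threshold]

if __name__ == "__main__":
    for addr, n in noisy_sources(SAMPLE_LOG.splitlines(), threshold=2):
        print(f"{addr}: {n} dropped connections")
```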