http://bugzilla.mindrot.org/show_bug.cgi?id=1246
Summary: Protocol version identification errors don't log the
sender IP anymore, always UNKNOWN
Product: Portable OpenSSH
Version: 4.4p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P2
Component: sshd
AssignedTo: bitbucket@mindrot.org
ReportedBy: jan.iven@cern.ch
Errors on the initial protocol message do not log the IP of the sender
anymore. I.e. doing
$ echo "GOOD MORNING" >/dev/tcp/somehost.somedomain/22
results in
sshd[28192]: Bad protocol version identification 'GOOD MORNING' from
UNKNOWN
This appears to be due to the fact that sock_in gets closed before
get_remote_ipaddr() has a chance to find out who is at the remote end.
Apparently, this worked somehow at least in openssh-3.6p1, perhaps the
IP caching was different then.
Since the process will exit immediately afterwards anyway, maybe there
is no need to close these two sockets? They don't get closed on other
codepaths with similar functionality (e.g after the "scanned from ..
Don't panic."-piece).
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-bugs
Summary: Protocol version identification errors don't log the
sender IP anymore, always UNKNOWN
Product: Portable OpenSSH
Version: 4.4p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P2
Component: sshd
AssignedTo: bitbucket@mindrot.org
ReportedBy: jan.iven@cern.ch
Errors on the initial protocol message do not log the IP of the sender
anymore. I.e. doing
$ echo "GOOD MORNING" >/dev/tcp/somehost.somedomain/22
results in
sshd[28192]: Bad protocol version identification 'GOOD MORNING' from
UNKNOWN
This appears to be due to the fact that sock_in gets closed before
get_remote_ipaddr() has a chance to find out who is at the remote end.
Apparently, this worked somehow at least in openssh-3.6p1, perhaps the
IP caching was different then.
Since the process will exit immediately afterwards anyway, maybe there
is no need to close these two sockets? They don't get closed on other
codepaths with similar functionality (e.g after the "scanned from ..
Don't panic."-piece).
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-bugs