
[Bug 3055] New: Need some high-probability logging re MaxStartups
https://bugzilla.mindrot.org/show_bug.cgi?id=3055

Bug ID: 3055
Summary: Need some high-probability logging re MaxStartups
Product: Portable OpenSSH
Version: 8.0p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs@mindrot.org
Reporter: oxwghc@fyvzl.net

Hi.

Currently, when MaxStartups is reached, sshd logs a single message per
dropped connection, at severity "verbose" (which doesn't appear
anywhere by default).

It seems to me that things that stop ssh working should be logged a bit
higher than verbose. These connection drops can be quite a mysterious
nuisance otherwise.

Of course there's the problem that one message per such connection
would be a DoS opportunity in itself.

For a troubleshooter to be able to tell what's going on, it would be
good for there to be at least *some* high-priority message relatively
near in time to each drop. Also, a transition from "we are dropping
connections sometimes" to "things are fine" should be somehow
determinable by looking at the logs.

I propose the following broad approach:

* The first time a connection is dropped because of MaxStartups, log a
message with severity ERROR.
* Periodically (every minute maybe?) report on number or proportion of
dropped connections, again at severity ERROR.
* If connections stop being dropped, make this clear in the log (with
a message which implies that the next drop will be reported
immediately), maybe ERROR or INFO.

In a bit more detail:

* Maintain a counter of dropped connections, initially 0
* Maintain a timer, initially inactive
* When a connection is dropped:
  - If the timer is not running, report
        MaxStartups: first drop of a connection
    and set the timer. (The counter remains at 0.)
  - If the timer is running, increment the counter (only)
* When the timer fires:
  - If the counter is nonzero, report
        MaxStartups: %d drops since last report
    and reset the timer.
  - If the counter is zero, report
        MaxStartups: no longer dropping connections
    and do not reset the timer.

If a proper timer is awkward to implement in the sshd main loop, it
would be good enough to remember when we last printed a message, and
check that elapsed time after making the MaxStartups decision for each
new connection.

A more sophisticated approach might distinguish random from always
dropping, or sometimes report client or server addresses, or something.

_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
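The counter-and-timer scheme proposed in the report above, written out as a small C state machine so the log volume it produces can be checked against a constructed sequence of connection decisions. This is an added example, not OpenSSH code and not something the reporter posted; the function names, the `maxstartups_log_state` struct, the event trace and the 60-second interval are assumptions chosen for illustration (the report only says "every minute maybe"). It uses the report's fallback of checking elapsed time after each MaxStartups decision rather than a real timer in the sshd main loop, which is why `maxstartups_on_tick` takes the current time as an argument.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#include <time.h>

/* Assumed report interval in seconds ("every minute maybe?" in the bug). */
#define MAXSTARTUPS_REPORT_INTERVAL 60

/* Hypothetical per-daemon state for rate-limited MaxStartups reporting. */
typedef struct {
    unsigned long dropped;  /* drops since the timer was last (re)set */
    time_t last_report;     /* when the timer was last (re)set */
    int active;             /* 1 while the "timer" is running */
} maxstartups_log_state;

/* Called when sshd decides to drop a connection because of MaxStartups.
 * Returns 1 and fills msg when something should be logged at ERROR, else 0.
 * Only the very first drop after a quiet period produces a message; later
 * drops just bump the counter, so an attacker cannot flood the log. */
int maxstartups_on_drop(maxstartups_log_state *st, time_t now,
                        char *msg, size_t msglen)
{
    if (!st->active) {
        st->active = 1;
        st->last_report = now;
        st->dropped = 0;            /* counter stays at 0, as the bug specifies */
        snprintf(msg, msglen, "MaxStartups: first drop of a connection");
        return 1;
    }
    st->dropped++;
    return 0;
}

/* The "timer fires" step. With the elapsed-time fallback this is called after
 * every MaxStartups decision; it only acts once the interval has elapsed.
 * Returns 1 and fills msg when a report should be logged, else 0. */
int maxstartups_on_tick(maxstartups_log_state *st, time_t now,
                        char *msg, size_t msglen)
{
    if (!st->active || now - st->last_report < MAXSTARTUPS_REPORT_INTERVAL)
        return 0;
    if (st->dropped > 0) {
        snprintf(msg, msglen, "MaxStartups: %lu drops since last report",
                 st->dropped);
        st->dropped = 0;
        st->last_report = now;      /* reset the timer, keep reporting */
        return 1;
    }
    snprintf(msg, msglen, "MaxStartups: no longer dropping connections");
    st->active = 0;                 /* timer not reset: next drop logs at once */
    return 1;
}

/* Constructed event trace entry: a new connection at time t, and whether the
 * MaxStartups decision for it was "drop" (1) or "accept" (0). */
typedef struct {
    time_t t;
    int dropped;
} conn_event;

/* Replays a trace through the state machine, collecting every message that
 * would be logged into out[] (one per row). Returns the number of messages. */
int maxstartups_simulate(const conn_event *ev, size_t n,
                         char out[][80], size_t max_out)
{
    maxstartups_log_state st = {0, 0, 0};
    int count = 0;
    for (size_t i = 0; i < n && (size_t)count < max_out; i++) {
        if (ev[i].dropped &&
            maxstartups_on_drop(&st, ev[i].t, out[count], 80))
            count++;
        if ((size_t)count < max_out &&
            maxstartups_on_tick(&st, ev[i].t, out[count], 80))
            count++;
    }
    return count;
}

int main(void)
{
    /* Constructed trace: a burst of three drops, two quiet minutes, one more
     * drop. Six connections yield four log lines instead of four drop lines
     * plus nothing about recovery. */
    conn_event trace[] = {{0, 1}, {5, 1}, {10, 1}, {70, 0}, {130, 0}, {200, 1}};
    char out[8][80];
    int n = maxstartups_simulate(trace, 6, out, 8);
    for (int i = 0; i < n; i++)
        printf("%s\n", out[i]);
    return 0;
}
```

Two properties worth checking in a trace like this: the burst at t=0..10 produces exactly one ERROR line immediately and one summary line once the interval has elapsed, and the "no longer dropping" line appears only after a full interval with zero drops, after which the next drop is reported immediately again.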