Menu
▾
▴
Re: [Sshguard-users] OS X 10.10 (Yosemite) and "authentication error for <user> from <ip> via <ip>"
|
From: Kevin Z. <kev...@gm...> - 2015-02-03 00:48:06
|
Hi Barry,
On 02/02/2015 14:52, Barry Muldrey wrote:
> /* wrong password for valid user @ FreeBSD, Debian */
> "error: PAM: "[aA]"uthentication "(error|failure)" for "("illegal user
> ")?.+" from " { return SSH_LOGINERR_PAM; }
>
> which seems to be the appropriate pattern...
Not quite. You're looking at the lexer, which is responsible for
retrieving separable tokens. To add "via", you are interested in
'attack_parser.y', in particular these lines:
ssh_authfail:
SSH_LOGINERR_PREF addr SSH_LOGINERR_SUFF
| SSH_LOGINERR_PAM addr
;
The solution is to add a new lexer token along the lines of
SSH_OPT_ADDR_SUFFIX and append this to this yacc rule.
This should not be difficult, but isn't exactly trivial either.
Hopefully I'll get around to this soon.
Thanks,
Kevin Zheng
--
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090
|
