From: Bradley G. <pi...@ma...> - 2015-02-03 06:14:53

On Feb 2, 2015, at 6:11 PM, Bradley Giesbrecht <pi...@ma...> wrote:
>
> On Feb 2, 2015, at 5:22 PM, Kevin Zheng <kev...@gm...> wrote:
>
>> Hi Barry,
>>
>> On 02/02/2015 18:59, Barry Muldrey wrote:
>>> Does anyone know who's responsible for printing the "...via 10.0.1.100"
>>> in the syslog message?
>>> I presume it's there to tell me which interface the attack came in on
>>> (for multiple LAN interface machines)?
>>> Easiest work-around would be to turn off this portion of the message;
>>> I've tried various LogLevels and SyslogFacilities in sshd_config to no
>>> avail...
>>
>> You (and other people) are invited to test the attached patch.
>>
>> Let me know how it works!
>
> No errors here but have not been able to confirm correctness though it looks good.

Works here. With patch, running sshguard with SSHGUARD_DEBUG matches attacks previously ignored.

Regards,
Bradley Giesbrecht (pixilla)