Menu
▾
▴
Re: [Sshguard-users] [Sshguard-maintainers] SSHGuard 1.6.1 release announcement
|
From: Willem J. W. <wj...@di...> - 2015-08-04 12:04:35
|
On 4-8-2015 03:31, Kevin Zheng wrote: > On 08/03/2015 03:36, Willem Jan Withagen wrote: >> I added some code on FreeBSD to libssh to make some errors actually log >> the the ip-number, because this is usualy abuse as well.... >> >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202055 >> >> And it changes the log like: >> fatal: Read from socket failed: Connection reset by peer [preauth] >> >> Which is rather useless for tools like sshguard and/or fail2ban >> >> But this patch changes this info to: >> Aug 2 19:37:32 zfs sshd[19444]: Read from socket failed: 218.2.22.36 >> [preauth] >> Aug 2 19:37:32 zfs sshd[19444]:fatal: Read from socket failed: >> Connection reset by peer [preauth] > > This looks like a patch against OpenSSH. > >> But then again this needs to be picked upt by sshguard with an extra >> parser rule... > > It'll be a while before this change makes it upstream, and it might > change before it gets there, so I'll hold off on this change. I checked the upstream and what I see there is a completely new setup at least with regards to logging. So you actually need to install and run it to get a grip for how things are going to look in the upcoming releases.... I'm going to install openssh-portable-devel on one of my servers, and see what is going on there.... --WjW |
