> Von: openssh-unix-dev [mailto:openssh-unix-dev- > > On Thu, 15 Sep 2016, Damien Miller wrote: > > I'm not seeing a problem here. It's logging a string, and we escape any > > non-ASCII characters in log.c. If anything it's probably too strict > > (wrt escaping valid UTF-8 from logs on systems that support it). > > Great, thanks for confirming. That's the answer I was hoping for! :-) I did similar testing some years ago. The escaping is fine (was already back than). It also seems, that issues with limiting the line length were not/never affecting OpenSSH or are already fixed - I do not remember the products/versions tested any more. So line splitting with remote syslog when reaching the 1024 byte limit is also impossible. Only thing that remains seems to be, that the '[preauth]' tag is lost when limiting the line length. This might fool some IDS system mixing up pre/post auth disconnects for some kind of analysis (do not know if any system on the market might have such rules). The anomaly detection algorithms we are experimenting with could generate rules sensitive to that in the learning phase but I have not tested, if that would really happen. Sep 15 08:59:52 localhost sshd[2693]: error: Received disconnect from 127.0.0.1 port 47886:3: \\373\\336'\\273\\017\\254]s\\243\\306\\030\\321\\210y\\223b\\006\\031w\\363 \\251(\\343\\264t\\226\\016 \\306.\\324\\217\\a\\020np\\220\\323\\220\\024\\001V\\0378x^\\2733\\247\\006 \\312\\226\\177\\217~V>m\\330Qv\\322\\344\\274\\210\\341\\325\\001F\\313|/\\ 374)@\\234X|s*^|\\272\\252\\254\\342\\340\\244\\t\\016\\216{\\313&WR\\246\\3 11te^\\264\\356\\206#.a\\267\\375d\\245\\327\\r#H\\372\\177\\333+\\304\\243@ \\342\\001\\303:Y'|\\272v\\036 [prea Testclient (base64 -d |tar -xj): QlpoOTFBWSZTWcfIXoUAASJ/hMgQAEBr///TP2+fLv/v32AAAIAYQAJdrdzNy13YSoEp/qk2keU8 1PUxJoeoNDQwgAAxGmgBoIE0KMyhp6T0NRoAMJoDTQAAASRRR5T0niT00IHqeoANDQMmRoADQaBJ JTAm0o2p6E0eUAaAAADQANqD1Pr8vutQBFChIK6pCuqWIeyQDlSWPcGpfnuMQtChb6BGGj08Vkj8 tEZfiasqJEUT56meTUJs6qYTzUFV7MD+iDOfd0w2bMIxiHWcxwkczMyxg7KEtkBlw/q4sGlqDsbZ O+4PfRv5ZGlctVS1aSMQQYOYLYXxc6MsHm4YKIwyatOFhs6lmTMMhmnYHJpLtHRJIGVg56zQD9Iy F314yYARmCtucAVkAOiyarCHyyzqPZRGjNme54iYmZgiTOaBih2GQNRKYab5eK9XgumFO0iX9jXG ca/nylWaxXnM+L0yHvOHzlTtgsIM6VDWtbZ2JY8z7WNzZnUiv67QjqE29GIvHFEo4RgDBYL2jed8 P0R30p/Q2fZTBU3P63UEYq1hT66gjWWgvI0UjP/pmBiGnSZ1gU7oJyacUKZZNpBegGxFGApVaAti ujLfAxnmkQYYnpUIGQEioQEyTdU9KLYJhRlefgSUieKnnivwr6VSryEVkZqQzVoeJ1oK4QpQICEd PanVwLyha7asD5oFMBUCcSQ1hWoD/wQtw1WWJorwXYm2a6JS3uSxxK2olaN79nLIqUVPL9pngBhh 77BmYJUwVeottLlM5EKVMBBMx4dUIBDI+sOFqF65YDAsVjAycF5wmIcUgri3EBgjeighRTKiotjl exsIRzIZlBVOrCT1JAf4u5IpwoSGPkL0KA== Kind regards, Roman
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
