On Wed, Oct 18, 2023 at 03:05:20PM -0400, Chris Rapier wrote: [snip] > I don't think the actually banning part would be all that hard. It's > everything that goes along with it in terms of managing things and making > sure it would be performant enough in high volume scenarios. I've tried hard to not jump in here and (obviously) failed. At the risk of protracting an already overlong sub-thread on this topic, I believe the unstated assumption (from my perspective) being missed behind this feature request is that fail2ban and others would move to this new API, and not use logs anymore -- not that openssh grows fail2ban features. In a perfect world this means there's a new, stable API that all the fail2ban-alikes and local programs use, and the ssh project can be free to modify log output without worrying about breaking every security stack. Whether or not that is true is a different issue, as is the stability of the log message format "de-facto API". (this time actually out, for real) paultag -- :wq _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
