potentially confusing log message?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi there --

I'm running openssh-9.8p1 on Arch Linux and recently I've been seeing quite a
few log messages of this form (identifying information changed to protect the
innocent):

    sshd[1234]: Timeout before authentication for connection from 12.34.56.78 to 87.65.43.21, pid = 123456

The confusing thing is that 12.34.56.78 is the IP address of the machine
running sshd, and thus the phrasing of the message suggests that sshd itself
is trying to initiate a connection to 87.65.43.21, which is kind of terrifying
to me given how the machine is used.

I poked around the code and I think the message consed up in child_register
(sshd.c:265) has laddr and raddr transposed:

    xasprintf(&child->id, "connection from %s to %s", laddr, raddr);

should be:

    xasprintf(&child->id, "connection from %s to %s", raddr, laddr);

The phrasing "from X to Y" suggests that X is the client and Y is the server;
since this is sshd, by definition, the client is remote (raddr) and the server
is local (laddr).  Note also that the call to xasprintf four lines earlier
uses raddr as the "from".

pete

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux