yes, that is accidentally backwards. I'll fix On Fri, 16 Aug 2024, Peter Johnson wrote: > Hi there -- > > I'm running openssh-9.8p1 on Arch Linux and recently I've been seeing quite a > few log messages of this form (identifying information changed to protect the > innocent): > > sshd[1234]: Timeout before authentication for connection from 12.34.56.78 to 87.65.43.21, pid = 123456 > > The confusing thing is that 12.34.56.78 is the IP address of the machine > running sshd, and thus the phrasing of the message suggests that sshd itself > is trying to initiate a connection to 87.65.43.21, which is kind of terrifying > to me given how the machine is used. > > I poked around the code and I think the message consed up in child_register > (sshd.c:265) has laddr and raddr transposed: > > xasprintf(&child->id, "connection from %s to %s", laddr, raddr); > > should be: > > xasprintf(&child->id, "connection from %s to %s", raddr, laddr); > > The phrasing "from X to Y" suggests that X is the client and Y is the server; > since this is sshd, by definition, the client is remote (raddr) and the server > is local (laddr). Note also that the call to xasprintf four lines earlier > uses raddr as the "from". > > pete > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev