sshd: do not resolve refused client hostname
Closed, Public

Authored by glebius on May 11 2023, 7:11 PM.

Details

Summary

This is a compromise between POLA and practical reasoning. We don't
want to block the main server loop in an attempt to resolve. But we
need to keep the format of the logged message as is, for the sake of
sshguard and other scripts. So let's print just the IP address twice;
this is what libwrap's refuse() would do if it failed to resolve.

PR: 269456
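
For log consumers such as the scripts the summary mentions, the visible effect is that the first field of a refusal line may now repeat the address instead of carrying a hostname. As an added example (not part of this revision and not sshguard's code), a parser that keys on the parenthesised address handles both variants; the message text `refused connect from %s (%s)` is assumed from libwrap's refuse(), and the sample lines are constructed.

```python
import ipaddress
import re

# Assumed message text: libwrap's refuse() logs "refused connect from %s (%s)",
# client name first, numeric address in parentheses.
REFUSED = re.compile(
    r"sshd\[\d+\]: refused connect from (?P<client>\S+) \((?P<addr>[^)\s]+)\)"
)

# Constructed sample lines (documentation addresses, made-up hostnames).
SAMPLE_LOG = """\
May 11 19:11:02 gw sshd[811]: refused connect from client.example.net (192.0.2.10)
May 11 19:11:05 gw sshd[811]: refused connect from 192.0.2.10 (192.0.2.10)
May 11 19:11:09 gw sshd[811]: refused connect from 2001:db8::5 (2001:db8::5)
May 11 19:11:12 gw sshd[811]: refused connect from bad.example.net (not-an-ip)
May 11 19:11:15 gw sshd[902]: Accepted publickey for op from 198.51.100.7 port 50022 ssh2
"""


def parse_refused(line):
    """Return (address, named) for a refusal line, or None for anything else.

    Only the parenthesised field is used as the source address. `named` is
    True when the first field differs from it, i.e. a name was logged.
    """
    m = REFUSED.search(line)
    if m is None:
        return None
    try:
        addr = ipaddress.ip_address(m.group("addr"))
    except ValueError:
        return None  # parenthesised field is not an address: do not act on it
    named = m.group("client") != m.group("addr")
    return str(addr), named


def count_refusals(log_text):
    """Count refusals per source address across both line variants."""
    counts = {}
    for line in log_text.splitlines():
        parsed = parse_refused(line)
        if parsed is not None:
            counts[parsed[0]] = counts.get(parsed[0], 0) + 1
    return counts


if __name__ == "__main__":
    for address, hits in sorted(count_refusals(SAMPLE_LOG).items()):
        print(address, hits)
```

A consumer that instead matched on the first field would have counted the hostname and the bare address as two different sources.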

Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Not Applicable
Unit: Tests Not Applicable

Event Timeline

philip added a subscriber: philip.

I think this is a good compromise. I suggest some minor grammar/wording changes to clarify the comment. Nothing consequential. This looks good to me.

crypto/openssh/sshd.c
1299–1314
This revision is now accepted and ready to land.
May 16 2023, 8:30 AM
This revision was automatically updated to reflect the committed changes.