diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c
--- a/crypto/openssh/sshd.c
+++ b/crypto/openssh/sshd.c
@@ -1297,13 +1297,22 @@
 SO_LINGER, &l, sizeof(l));
 (void )close(*newsock);
 /*
- * Mimic message from libwrap's refuse()
- * exactly. sshguard, and supposedly lots
- * of custom made scripts rely on it.
+ * Mimic message from libwrap's refuse() as
+ * precise as we can afford. The authentic
+ * message prints the IP address and the
+ * resolved hostname in parenthesis. We can't
+ * go into name resolution in the main server
+ * loop. Neither logging resolved name makes
+ * any sense for an incident investigation.
+ * But we preserve the refuse() format as close
+ * as possible to not break auditing software
+ * like sshguard and supposedly lots of custom
+ * made log parsing scripts. Thus we print the
+ * IP address twice.
 */
 syslog(LOG_WARNING,
 "refused connect from %s (%s)",
- eval_client(&req),
+ eval_hostaddr(req.client),
 eval_hostaddr(req.client));
 debug("Connection refused by tcp wrapper");
 continue;
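Review bot: The new comment says name resolution must stay out of the main server loop, but this hunk only removes the lookup from the refusal log line; the access check that leads into this branch (outside the hunk, presumably `hosts_access(&req)`) can still resolve the client name when hosts.allow or hosts.deny contain hostname patterns, so the accept loop may still block on DNS with such rules. It would help to say so in the comment, for example `Hostname-based rules in hosts.allow/hosts.deny may still cause a lookup during the access check; prefer address-only rules.` The reason for dropping the name could also be stated directly: a reverse-DNS name is chosen by whoever controls the PTR record for the address, so it is untrusted text in a log line. As a small style point, `eval_hostaddr(req.client)` could be evaluated once into a local and passed twice, which makes the deliberate duplication obvious. The enclosing block starts and ends outside the hunk.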