(fwd) sshd events
Charles Swiger
cswiger at mac.com
Thu Jun 9 18:42:40 GMT 2005
On Jun 9, 2005, at 9:12 AM, Eugene M. Minkovskii wrote:
> I put some users into AllowGroups, in logs I can read something
> like this: "User xxx not allowed because none of user's groups
> are listed in AllowGroups", and I can't see from what IP I got
> this request.)
OK. Consider something like (watch linewrapping):
--- openssh/auth.c_orig Thu Jun 9 14:25:48 2005
+++ openssh/auth.c Thu Jun 9 14:27:36 2005
@@ -198,8 +198,8 @@
if (!ga_match(options.allow_groups,
options.num_allow_groups)) {
ga_free();
- logit("User %.100s not allowed
because none of user's groups are listed in AllowGroups",
- pw->pw_name);
+ logit("User %.100s from IP %.100s not
allowed because none of user's groups are listed in AllowGroups",
+ pw->pw_name, get_remote_ipaddr());
return 0;
}
ga_free();
> Moreover, I think parsing auth.log is not beautelul idea. Can
> sshd do some actions after he allow or deny connection? Can he
> run some script with some arguments?
While you could do something like have sshd execl() some script upon
a denied connection, it's not likely to be a great idea: the
potential for DoS'ing sshd by creating lots of bad connections, would
be pretty easy.
Anyway, you've got the source, it's in /usr/src/crypto/openssh. :-)
--
-Chuck
More information about the freebsd-questions
mailing list