make the "Too many authentication failures" message include the

user, source address, port and protocol in a format similar to the authentication success / failure messages; bz#2199, ok dtucker
author: djm <djm@openbsd.org> 2014-07-03 11:16:55 +0000
committer: djm <djm@openbsd.org> 2014-07-03 11:16:55 +0000
commit: 2f1e2083969e4558a30b72a8e4016cbe3fe3678b (patch)
tree: 7191b6d59807400ce3a0d14c9a9f26797807599d /usr.bin/ssh/auth.c
parent: Revert back to 1.129: pool_init() is called before rwlocks can be (diff)
download: wireguard-openbsd-2f1e2083969e4558a30b72a8e4016cbe3fe3678b.tar.xz
wireguard-openbsd-2f1e2083969e4558a30b72a8e4016cbe3fe3678b.zip
1 files changed, 14 insertions, 1 deletions
diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c
index 72b88c207da..afde0c7587d 100644
--- a/usr.bin/ssh/auth.c
+++ b/usr.bin/ssh/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.104 2014/04/29 18:01:49 markus Exp $ */
+/* $OpenBSD: auth.c,v 1.105 2014/07/03 11:16:55 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -236,6 +236,19 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
 	authctxt->info = NULL;
 }
 
+void
+auth_maxtries_exceeded(Authctxt *authctxt)
+{
+	packet_disconnect("Too many authentication failures for "
+	    "%s%.100s from %.200s port %d %s",
+	    authctxt->valid ? "" : "invalid user ",
+	    authctxt->user,
+	    get_remote_ipaddr(),
+	    get_remote_port(),
+	    compat20 ? "ssh2" : "ssh1");
+	/* NOTREACHED */
+}
+
 /*
  * Check whether root logins are disallowed.
  */
author	djm <djm@openbsd.org>	2014-07-03 11:16:55 +0000
committer	djm <djm@openbsd.org>	2014-07-03 11:16:55 +0000
commit	2f1e2083969e4558a30b72a8e4016cbe3fe3678b (patch)
tree	7191b6d59807400ce3a0d14c9a9f26797807599d /usr.bin/ssh/auth.c
parent	Revert back to 1.129: pool_init() is called before rwlocks can be (diff)
download	wireguard-openbsd-2f1e2083969e4558a30b72a8e4016cbe3fe3678b.tar.xz wireguard-openbsd-2f1e2083969e4558a30b72a8e4016cbe3fe3678b.zip