summaryrefslogtreecommitdiffstats
path: root/routers
diff options
context:
space:
mode:
authorEric Lesiuta <elesiuta@gmail.com>2020-12-08 12:54:33 -0500
committerGitHub <noreply@github.com>2020-12-08 18:54:33 +0100
commitabb9cffe4a9b36c124b1ef8fad4a00eff4ba36de (patch)
treec2700e2ee86ac70a5f50979aed172f3de197d3dc /routers
parent42354dfe45fa0cabb59674b896c44a55a56cf163 (diff)
downloadgitea-abb9cffe4a9b36c124b1ef8fad4a00eff4ba36de.tar.gz
gitea-abb9cffe4a9b36c124b1ef8fad4a00eff4ba36de.zip
Log IP on SSH authentication failure for Built-in SSH server (#13150)
* Log IP on SSH authentication failure fixes https://github.com/go-gitea/gitea/issues/13094 * include string 'Failed authentication attempt' in error * update fail2ban docs also match failed authentication over command line * better logging of authentication errors with IP addresses * format ... Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: 6543 <6543@obermui.de>
Diffstat (limited to 'routers')
-rw-r--r--routers/private/serv.go2
-rw-r--r--routers/repo/http.go1
2 files changed, 3 insertions, 0 deletions
diff --git a/routers/private/serv.go b/routers/private/serv.go
index 182fe27245..90e1d30b01 100644
--- a/routers/private/serv.go
+++ b/routers/private/serv.go
@@ -132,6 +132,7 @@ func ServCommand(ctx *macaron.Context) {
for _, verb := range ctx.QueryStrings("verb") {
if "git-upload-pack" == verb {
// User is fetching/cloning a non-existent repository
+ log.Error("Failed authentication attempt (cannot find repository: %s/%s) from %s", results.OwnerName, results.RepoName, ctx.RemoteAddr())
ctx.JSON(http.StatusNotFound, map[string]interface{}{
"results": results,
"type": "ErrRepoNotExist",
@@ -317,6 +318,7 @@ func ServCommand(ctx *macaron.Context) {
userMode := perm.UnitAccessMode(unitType)
if userMode < mode {
+ log.Error("Failed authentication attempt for %s with key %s (not authorized to %s %s/%s) from %s", user.Name, key.Name, modeString, ownerName, repoName, ctx.RemoteAddr())
ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
"results": results,
"type": "ErrUnauthorized",
diff --git a/routers/repo/http.go b/routers/repo/http.go
index 40c1f36bc3..d4464ec62e 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -102,6 +102,7 @@ func HTTP(ctx *context.Context) {
owner, err := models.GetUserByName(username)
if err != nil {
+ log.Error("Attempted access of unknown user from %s", ctx.RemoteAddr())
ctx.NotFoundOrServerError("GetUserByName", models.IsErrUserNotExist, err)
return
}