Diffstat (limited to 'modules/ssh')
-rw-r--r-- | modules/ssh/ssh.go | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/modules/ssh/ssh.go b/modules/ssh/ssh.go
index 22683b003b..bcaae5a180 100644
--- a/modules/ssh/ssh.go
+++ b/modules/ssh/ssh.go
@@ -12,6 +12,7 @@ import (
 "encoding/pem"
 "fmt"
 "io"
+ "net"
 "os"
 "os/exec"
 "path/filepath"
@@ -239,6 +240,15 @@ func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
 return true
 }
 
+// sshConnectionFailed logs a failed connection
+// - this mainly exists to give a nice function name in logging
+func sshConnectionFailed(conn net.Conn, err error) {
+ // Log the underlying error with a specific message
+ log.Warn("Failed connection from %s with error: %v", conn.RemoteAddr(), err)
+ // Log with the standard failed authentication from message for simpler fail2ban configuration
+ log.Warn("Failed authentication attempt from %s", conn.RemoteAddr())
+}
+
 // Listen starts a SSH server listens on given port.
 func Listen(host string, port int, ciphers []string, keyExchanges []string, macs []string) {
 srv := ssh.Server{
@@ -252,6 +262,7 @@ func Listen(host string, port int, ciphers []string, keyExchanges []string, macs
 config.Ciphers = ciphers
 return config
 },
+ ConnectionFailedCallback: sshConnectionFailed,
 // We need to explicitly disable the PtyCallback so text displays
 // properly.
 PtyCallback: func(ctx ssh.Context, pty ssh.Pty) bool { |
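Review bot: In `sshConnectionFailed` the first `log.Warn` formats `err` with `%v` directly above a fixed line that fail2ban is meant to match, so if the error text can carry bytes chosen by the peer (handshake errors may echo what the client offered; not confirmed from this hunk) and the logger does not escape control characters, a crafted connection could produce a line that looks like a ban trigger for a different address. Quoting the error avoids that: `log.Warn("Failed connection from %s with error: %q", conn.RemoteAddr(), err)`. The second message is also written for every failed connection rather than only for rejected credentials, so the doc comment should state that dropped or mismatched handshakes count toward a ban. It should also note that `conn.RemoteAddr()` carries the port and is the proxy's address when the server sits behind a load balancer, which matters for whoever writes the fail2ban filter.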