Bug 545832 - net-misc/openssh-6.8_p1-r3 bad syslog message priorities
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server
Hardware: All All
Importance: Normal normal
Assignee: Gentoo's Team for Core System packages
URL: https://bugzilla.mindrot.org/show_bug...
Reported: 2015-04-07 15:27 UTC by Jaak Ristioja
Modified: 2015-04-08 07:05 UTC
Description Jaak Ristioja 2015-04-07 15:27:24 UTC
An SSH service on a server running Gentoo is being scanned and brute-forced, subject to all the "privileges" of running on a public IP address. For some random connections, only the following messages are logged to syslog:

Apr  7 18:09:10 localhost sshd:20499:info Received disconnect from 77.233.89.158: 11: disconnected by user
Apr  7 18:09:10 localhost sshd:20499:info Disconnected from 77.233.89.158
Apr  7 18:09:10 localhost sshd:20496:err error: mm_request_receive: socket closed

If the system administrator has configured syslog to drop messages with informational priority, only the cryptic and rather useless "error: mm_request_receive: socket closed" remain.

These messages contain no IP address of the client and seem useless from a systems administration point of view. I mean, what kind of reasonable action is the sysadmin supposed to take on such an error message?

The error messages do not contain information about whether the disconnect happened before or after authentication, or what was the IP address of the client etc.

[ebuild   R   ~] net-misc/openssh-6.8_p1-r3  USE="libedit pam pie ssl -X -X509 -bindist -debug -hpn -kerberos -ldap -ldns -sctp (-selinux) -skey -ssh1 -static"
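
Added example (not part of the original report, and not OpenSSH or Gentoo code): a small Python check that replays the three log lines quoted above through a severity filter and reports which sshd PIDs are left without any client address. The "prog:pid:priority" line layout is assumed to be this host's syslog template, and all function names are hypothetical.

```python
import re

# Constructed input: the three lines quoted in the report. The
# "prog:pid:priority" layout is that host's syslog template (assumed).
SAMPLE = """\
Apr  7 18:09:10 localhost sshd:20499:info Received disconnect from 77.233.89.158: 11: disconnected by user
Apr  7 18:09:10 localhost sshd:20499:info Disconnected from 77.233.89.158
Apr  7 18:09:10 localhost sshd:20496:err error: mm_request_receive: socket closed
"""

# syslog severity names, most severe first (numeric 0..7)
SEVERITY = {name: n for n, name in enumerate(
    ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"])}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<prog>[\w-]+):(?P<pid>\d+):(?P<prio>\w+)\s(?P<msg>.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse(text):
    """Return one dict per line that matches the assumed template."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["pid"] = int(rec["pid"])
        ip = IPV4_RE.search(rec["msg"])
        rec["client_ip"] = ip.group(0) if ip else None
        records.append(rec)
    return records

def surviving(records, min_prio):
    """Keep records at least as severe as min_prio, like a syslog filter."""
    return [r for r in records if SEVERITY[r["prio"]] <= SEVERITY[min_prio]]

def pids_without_ip(records):
    """PIDs for which no retained line names a client address."""
    with_ip = {r["pid"] for r in records if r["client_ip"]}
    return {r["pid"] for r in records} - with_ip

if __name__ == "__main__":
    everything = parse(SAMPLE)
    for label, recs in (("all", everything),
                        ("info dropped", surviving(everything, "notice"))):
        print(label, [(r["pid"], r["prio"], r["client_ip"]) for r in recs],
              "unattributable PIDs:", sorted(pids_without_ip(recs)))
```

On the quoted sample the err line is logged under a different PID than the two info lines, so it stays unattributable even when info messages are retained, unless lines are joined by timestamp.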
Comment 1 SpanKY gentoo-dev 2015-04-08 03:50:52 UTC
please file such requests here:
  https://bugzilla.mindrot.org/

we have no plans on writing custom code here
Comment 2 Jaak Ristioja 2015-04-08 06:56:11 UTC
Reported to https://bugzilla.mindrot.org/show_bug.cgi?id=2375
Comment 3 SpanKY gentoo-dev 2015-04-08 07:05:25 UTC
thanks!