Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 159268 - RFE: Log IPv4 adresses as IPv4, not IPv6.
Summary: RFE: Log IPv4 adresses as IPv4, not IPv6.
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openssh
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Tomas Mraz
QA Contact: Brian Brock
URL:
Whiteboard:
: 172181 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-06-01 08:47 UTC by Björn Augustsson
Modified: 2007-11-30 22:07 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-06-01 14:41:11 UTC


Attachments (Terms of Use)

Description Björn Augustsson 2005-06-01 08:47:33 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050512 Red Hat/1.7.8-1.1.3.1

Description of problem:
sshd logs all connection attempts as IPv6 addresses, even if they were really
IPv4. Ie:

May 29 18:58:06 homer sshd[5357]: Failed password for root from ::ffff:209.152.166.153 port 49674 ssh2
May 29 18:58:07 homer sshd[5359]: Invalid user admin from ::ffff:209.152.166.153

This clutters up the logs (and hence logwatch mails) and is generally unsightly. 

A workaround is to add

ListenAddress 0.0.0.0

to /etc/ssh/sshd_conf, but that disables listening to ipv6 alltogether,
which isn't really what I want.

Upstream has a patch to fix this. From the 4.1p1 changelog:

20050503
 - (dtucker) [canohost.c] normalise socket addresses returned by
   get_remote_hostname().  This means that IPv4 addresses in log messages
   on IPv6 enabled machines will no longer be prefixed by "::ffff:" and
   AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style
   addresses only for 4-in-6 mapped connections, regardless of whether
   or not the machine is IPv6 enabled.  ok djm@

Please backport this.

/August.

Version-Release number of selected component (if applicable):
openssh-3.9p1-8.RHEL4.4

How reproducible:
Always

Steps to Reproduce:
1. install openssh
2. ssh to it (via ipv4)
3. check out the logs.
  

Actual Results:  encapsulated ipv4 addresses.

Expected Results:  proper dotted-quad ipv4 addressses.

Additional info:

Comment 1 Suzanne Hillman 2005-06-01 14:41:11 UTC
In order to file a RHEL feature request, please either contact Red Hat's
Technical Support line at 888-REDHAT-1 or file a web ticket at
http://www.redhat.com/apps/support/.  Bugzilla is not an official support
channel, has no response guarantees, and may not route your request to the
correct area to assist you.  Using the official support channels above will
guarantee that your issue is handled appropriately and routed to the
individual or group which can best assist you with this issue and will also
allow Red Hat to track the issue, ensuring that any applicable feature
addition is included in all releases and is not dropped from a future update
or major release.

Comment 2 Tomas Mraz 2005-11-01 08:08:06 UTC
*** Bug 172181 has been marked as a duplicate of this bug. ***

Comment 3 Björn Augustsson 2005-11-01 10:19:32 UTC
We have the academic site license, which doesn't include that kind of support.

(Yes, we have a bunch of systems with additional support, but this "bug" doesn't
apply to them, they're still at rhel 2.1 or 3)

I thought this kind of thing was what the "enhancement" severity was for.

/August.


Note You need to log in before you can comment on or make changes to this bug.