TTY log not sent unless one command were executed.

Question

TTY log not sent unless one command were executed.

Closed this issue 10 years ago · 7 comments

GoogleCodeExporter commented 10 years ago

What steps will reproduce the problem?
1.
The attacker logs in to verify the user/passwd combination and disconnects 
immediately. (Possibly ctrl+d)

What is the expected behavior?
When HonSSH detects a new TTY log it should be sent using the mail function.

What behavior do you see instead?
The absence of these logs being sent.

What version of the product are you using?
56dfab7e24f1

On what operating system?
OpenBSD 5.3 amd64/5.4 amd64

Please provide any additional information below.
Dont know if this is working as intended.
Its not really a big issue whether or not i receive empty TTY logs :)
It looks to be working as long as the attacker enters at least one command.

Cheers,
B

Original issue reported on code.google.com by are.hans...@gmail.com on 19 Mar 2014 at 5:49

Attachments:

tty_log_not_sent.tar.gz

Answer 1 · 2015-03-16T17:40:15.000Z

It seems the actual issue is because the email is only sent when a message 97 
is received, the adv.log shows no message 97 was sent. 

Maybe HonSSH should not rely on message 97 and instead have an inactivity timer 
and then close the session? Would also solve the inactive session persistence.

Original comment by tnn...@googlemail.com on 19 Mar 2014 at 6:44

Changed state: Accepted

Answer 2 · 2015-03-16T17:40:16.000Z

Two issues - one stone. I like it :)

Original comment by are.hans...@gmail.com on 19 Mar 2014 at 7:12

Answer 3 · 2015-03-16T17:40:16.000Z

Two issues - one headache :P I'll look into it this weekend :D

Original comment by tnn...@googlemail.com on 19 Mar 2014 at 7:13

Answer 4 · 2015-03-16T17:40:17.000Z

Sorry to be adding to your head hurts man, but ive seen inconsistencies in the 
mailing function. Only received one out of two tty logs today, both of them had 
+1 commands executed.

Original comment by are.hans...@gmail.com on 24 Mar 2014 at 8:00

Attachments:

tty_log_not_sent.tar.gz

Answer 5 · 2015-03-16T17:40:17.000Z

Haha, no worries, there's no real headaches, I'm enjoying all this :D

I'm thinking about moving the disconnect code (with the email etc.) into the 
server part rather than the client part, server will always be disconnected and 
therefore send the logs. Might to a quick notepad fix tonight, if not a proper 
one at the during the week/weekend :P

Original comment by tnn...@googlemail.com on 25 Mar 2014 at 6:55

Answer 6 · 2015-03-16T17:40:17.000Z

Original comment by tnn...@googlemail.com on 30 Mar 2014 at 10:34

Changed state: Started

Answer 7 · 2015-03-16T17:40:18.000Z

Email fixed :)

Original comment by tnn...@googlemail.com on 30 Mar 2014 at 3:23

Changed state: Fixed