TTY log not sent unless one command were executed.
Closed this issue · 7 comments
GoogleCodeExporter commented
What steps will reproduce the problem?
1.
The attacker logs in to verify the user/passwd combination and disconnects
immediately. (Possibly ctrl+d)
What is the expected behavior?
When HonSSH detects a new TTY log it should be sent using the mail function.
What behavior do you see instead?
The absence of these logs being sent.
What version of the product are you using?
56dfab7e24f1
On what operating system?
OpenBSD 5.3 amd64/5.4 amd64
Please provide any additional information below.
Dont know if this is working as intended.
Its not really a big issue whether or not i receive empty TTY logs :)
It looks to be working as long as the attacker enters at least one command.
Cheers,
B
Original issue reported on code.google.com by are.hans...@gmail.com
on 19 Mar 2014 at 5:49
Attachments:
GoogleCodeExporter commented
It seems the actual issue is because the email is only sent when a message 97
is received, the adv.log shows no message 97 was sent.
Maybe HonSSH should not rely on message 97 and instead have an inactivity timer
and then close the session? Would also solve the inactive session persistence.
Original comment by tnn...@googlemail.com
on 19 Mar 2014 at 6:44
- Changed state: Accepted
GoogleCodeExporter commented
Two issues - one stone. I like it :)
Original comment by are.hans...@gmail.com
on 19 Mar 2014 at 7:12
GoogleCodeExporter commented
Two issues - one headache :P I'll look into it this weekend :D
Original comment by tnn...@googlemail.com
on 19 Mar 2014 at 7:13
GoogleCodeExporter commented
Sorry to be adding to your head hurts man, but ive seen inconsistencies in the
mailing function. Only received one out of two tty logs today, both of them had
+1 commands executed.
Original comment by are.hans...@gmail.com
on 24 Mar 2014 at 8:00
Attachments:
GoogleCodeExporter commented
Haha, no worries, there's no real headaches, I'm enjoying all this :D
I'm thinking about moving the disconnect code (with the email etc.) into the
server part rather than the client part, server will always be disconnected and
therefore send the logs. Might to a quick notepad fix tonight, if not a proper
one at the during the week/weekend :P
Original comment by tnn...@googlemail.com
on 25 Mar 2014 at 6:55
GoogleCodeExporter commented
Original comment by tnn...@googlemail.com
on 30 Mar 2014 at 10:34
- Changed state: Started
GoogleCodeExporter commented
Email fixed :)
Original comment by tnn...@googlemail.com
on 30 Mar 2014 at 3:23
- Changed state: Fixed