diff options
| author | Jose Luis Duran <jlduran@FreeBSD.org> | 2026-05-16 22:00:02 +0000 |
|---|---|---|
| committer | Jose Luis Duran <jlduran@FreeBSD.org> | 2026-05-16 22:00:02 +0000 |
| commit | 3d246db08333c06df343281d5aaebfd07ea08252 (patch) | |
| tree | b4ff2d592540c5a311b7bdf63132b4b176e2c408 | |
| parent | 72ab129799a231e322b119de3f9c1263e76527b8 (diff) | |
| -rw-r--r-- | crypto/openssh/sshd-auth.c | 5 | ||||
| -rw-r--r-- | crypto/openssh/sshd-session.c | 5 |
2 files changed, 8 insertions, 2 deletions
diff --git a/crypto/openssh/sshd-auth.c b/crypto/openssh/sshd-auth.c index 76350a2a3501..e335bda8ee48 100644 --- a/crypto/openssh/sshd-auth.c +++ b/crypto/openssh/sshd-auth.c @@ -96,6 +96,7 @@ #include "srclimit.h" #include "ssh-sandbox.h" #include "dh.h" +#include "blocklist_client.h" /* Privsep fds */ #define PRIVSEP_MONITOR_FD (STDERR_FILENO + 1) @@ -812,8 +813,10 @@ do_ssh2_kex(struct ssh *ssh) free(hkalgs); if ((r = kex_exchange_identification(ssh, -1, - options.version_addendum)) != 0) + options.version_addendum)) != 0) { + BLOCKLIST_NOTIFY(ssh, BLOCKLIST_AUTH_FAIL, "Banner exchange"); sshpkt_fatal(ssh, r, "banner exchange"); + } mm_sshkey_setcompat(ssh); /* tell monitor */ if ((ssh->compat & SSH_BUG_NOREKEY)) diff --git a/crypto/openssh/sshd-session.c b/crypto/openssh/sshd-session.c index ae41b4d7595f..26a361fe621e 100644 --- a/crypto/openssh/sshd-session.c +++ b/crypto/openssh/sshd-session.c @@ -1369,8 +1369,11 @@ cleanup_exit(int i) audit_event(the_active_state, SSH_CONNECTION_ABANDON); #endif /* Override default fatal exit value when auth was attempted */ - if (i == 255 && monitor_auth_attempted()) + if (i == 255 && monitor_auth_attempted()) { + BLOCKLIST_NOTIFY(the_active_state, BLOCKLIST_AUTH_FAIL, + "Fatal exit"); _exit(EXIT_AUTH_ATTEMPTED); + } if (i == 255 && monitor_invalid_user()) _exit(EXIT_INVALID_USER); _exit(i); |