Diffstat (limited to 'usr.bin/ssh/monitor.c')
-rw-r--r--usr.bin/ssh/monitor.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index be2981eca99..6d34e7240f7 100644
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.243 2024/09/15 00:41:18 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.244 2024/09/15 01:09:40 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -81,6 +81,7 @@
#include "match.h"
#include "ssherr.h"
#include "sk-api.h"
+#include "srclimit.h"
#ifdef GSSAPI
static Gssctxt *gsscontext = NULL;
@@ -723,6 +724,15 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m)
ssh_packet_set_log_preamble(ssh, "%suser %s",
authctxt->valid ? "authenticating" : "invalid ", authctxt->user);
+ if (options.refuse_connection) {
+ logit("administratively prohibited connection for "
+ "%s%s from %.128s port %d",
+ authctxt->valid ? "" : "invalid user ",
+ authctxt->user, ssh_remote_ipaddr(ssh),
+ ssh_remote_port(ssh));
+ cleanup_exit(EXIT_CONFIG_REFUSED);
+ }
+
/* Send active options to unpriv */
mm_encode_server_options(m);
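Review bot: In the added `logit()` call the peer-supplied `authctxt->user` is formatted with an unbounded `%s`, while the address beside it is capped at `%.128s`. The name comes from a client that has not authenticated, so if the logger truncates long records (its behaviour is not visible in this hunk) an oversized name could push the source address and port out of the line that blocklisting or detection rules key on. Bounding the field keeps those values intact, e.g. `"%s%.100s from %.128s port %d",`. A one-line comment above `cleanup_exit(EXIT_CONFIG_REFUSED)` naming who consumes that exit status would also help, since the constant is defined outside this hunk (presumably in the newly included `srclimit.h`). mm_answer_pwnamallow starts and ends outside the hunk.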