Note: This is an archival copy of Security Sun Alert 200790 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000605.1.
Article ID : 1000605.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2004-04-01
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

The Sun Secure Shell Daemon (sshd(1M)) May Fail to Log SSH Client IP Addresses


Release Phase

Solaris 9 Operating System

Bug Id

Date of Resolved Release


The Sun Secure Shell Daemon (sshd(1M)) may fail to log the IP address of client systems which connect to the sshd(1M) daemon with the ssh(1) client utility. The IP address logged will contain all zeros rather than the correct IP address.

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 9 without patch 113273-05

x86 Platform

  • Solaris 9 without patch 114858-04

Note: Solaris 7 and 8 do not ship the Sun Secure Shell Daemon (sshd(1M)) and are therefore not impacted by this issue.

A system is only affected by this issue if the sshd configuration file (sshd_config(4)) has the "ListenAddress" keyword configured as "" which means to listen on only IPv4 (see inet(3SOCKET)) configured interfaces. For example:

    $ grep ListenAddress /etc/ssh/sshd_config

To determine which interfaces on a system are configured to use IPv4, run the following command:

    $ ifconfig -a4
    lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
            inet netmask ff000000
    eri0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1400 index 2
            inet netmask ffffff00 broadcast


The Sun Secure Shell Daemon (sshd(1M)) by default writes to the system log (syslog(3C)) with a default severity level of "info" and a facility of "auth". If system messages of type "" or "*.info" are configured to be logged in the syslog.conf(4) file, the messages from sshd with an IP address of all zeros will look similar to:

    $ grep sshd $(awk '/(|\*.info)/ {print $NF}' /etc/syslog.conf)
    Apr  2 16:38:16 sunhost sshd[124383]: [ID 800047] Accepted password for username from port 53979 ssh2


Sites that use both IPv4 and IPv6 (see inet(3SOCKET)) network interfaces can prevent this issue by editing the sshd_config(4) file so that sshd listens on both IPv4 and IPv6 configured interfaces. To do this, set the "ListenAddress" keyword to two colons (::). For example:

    $ grep ^ListenAddress /etc/ssh/sshd_config
    ListenAddress ::

If the sshd_config(4) file is modified, the sshd daemon needs to be sent a SIGHUP signal to re-read the file. For example, as the root user:

    # pkill -HUP sshd
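
The following added example, which is not part of the original Sun Alert, scans syslog text for accepted sshd logins recorded with an all-zero source address and checks an sshd_config file for the "ListenAddress ::" workaround. The function names, user names and log lines are constructed for illustration, and it assumes the all-zero address is logged as 0.0.0.0 (or an all-zero IPv6 form).

```shell
#!/bin/sh
# Added example, not part of the Sun Alert. Log lines below are constructed.

# zero_src_logins: read syslog text on stdin and print each sshd "Accepted"
# entry whose source address is all zeros, as: month day time pid user method
zero_src_logins() {
    awk '
    /sshd\[[0-9]+\]:/ && / Accepted / {
        addr = ""; user = ""; method = ""; pid = ""
        for (i = 1; i < NF; i++) {
            if ($i == "Accepted") method = $(i + 1)
            if ($i == "for")      user = $(i + 1)
            if ($i == "from")     addr = $(i + 1)
            if ($i ~ /^sshd\[[0-9]+\]:$/) { pid = $i; gsub(/[^0-9]/, "", pid) }
        }
        # All-zero IPv4 (0.0.0.0) or an IPv6 form made only of zeros and colons
        if (addr ~ /^0+(\.0+)+$/ || (addr ~ /^[0:]+$/ && addr ~ /:/))
            print $1, $2, $3, pid, user, method
    }'
}

# listens_dual_stack FILE: succeed if FILE carries the "ListenAddress ::"
# workaround (sshd_config keywords are case-insensitive).
listens_dual_stack() {
    grep -Eiq '^[[:space:]]*ListenAddress[[:space:]]+::[[:space:]]*$' "$1"
}

# Constructed sample: two logins with a zeroed source, one with a real one
# (192.0.2.10 is a documentation address).
sample_log() {
    cat <<'EOF'
Apr  2 16:38:16 sunhost sshd[124383]: [ID 800047 auth.info] Accepted password for alice from 0.0.0.0 port 53979 ssh2
Apr  2 16:40:02 sunhost sshd[124390]: [ID 800047 auth.info] Accepted publickey for bob from 192.0.2.10 port 40112 ssh2
Apr  2 16:44:30 sunhost sshd[124410]: [ID 800047 auth.info] Accepted publickey for dave from 0.0.0.0 port 40310 ssh2
EOF
}

sample_log | zero_src_logins
```

To audit a host, pipe the log file that receives sshd's messages into zero_src_logins; each line printed is a login whose origin cannot be attributed from the log alone.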


This issue is addressed in the following releases:

SPARC Platform

  • Solaris 9 with patch 113273-05 or later

x86 Platform

  • Solaris 9 with patch 114858-04 or later
