From 86717deb0efdc4deb459f7407ecba11b0e0f9e8e Mon Sep 17 00:00:00 2001 From: Michael Pursifull Date: Sat, 18 Apr 2026 22:24:01 -0500 Subject: [PATCH] feat(ssh): include client IP in connection log line MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The ssh-connect log now reads `user@ip (fingerprint)` instead of `user (fingerprint)`. When multiple hosts share a key (e.g., fleet bootstrap workflow), the IP disambiguates which machine just connected. Port is intentionally omitted — it's ephemeral source port churn that provides no useful signal and would also defeat logbuf dedup for every connection burst. Uses net.SplitHostPort with a fallback to the raw address string for defensive parsing (mrvl:// is always TCP today, but the code doesn't assume). --- docs/admin-guide.md | 2 +- internal/daemon/sshserver.go | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/admin-guide.md b/docs/admin-guide.md index 51a15be..d609e70 100644 --- a/docs/admin-guide.md +++ b/docs/admin-guide.md @@ -345,7 +345,7 @@ session dev/squad-worker-g1-0 using forestage adapter # adapter selection session dev/squad-worker-g1-0 running in pane %5 # session created health: session ... failed (restart_policy=always) # health failure shift: initiated for dev/squad gen 1→2 # shift started -ssh: client connected: michael (SHA256:abc...) # remote connection +ssh: client connected: michael@10.0.0.42 (SHA256:abc...) # remote connection inject: dev/squad-worker-g1-0 <- 42 bytes # executive injection ``` diff --git a/internal/daemon/sshserver.go b/internal/daemon/sshserver.go index 6c7b125..e409c06 100644 --- a/internal/daemon/sshserver.go +++ b/internal/daemon/sshserver.go @@ -106,7 +106,11 @@ func (s *SSHServer) handleConnection(conn net.Conn) { if sshConn.Permissions != nil { fp = sshConn.Permissions.Extensions["pubkey-fp"] } - log.Printf("ssh: client connected: %s (%s)", sshConn.User(), fp) + host := conn.RemoteAddr().String() + if h, _, err := net.SplitHostPort(host); err == nil { + host = h + } + log.Printf("ssh: client connected: %s@%s (%s)", sshConn.User(), host, fp) // Discard global requests (keepalive, etc.) go ssh.DiscardRequests(reqs)