From 46f727a6fa327e09d246d02148a2f5141512bc5a Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu
Date: Tue, 23 Oct 2018 10:35:18 -0500
Subject: [PATCH] Generate ssh_auth_attempted for the 'none' authentication method. ssh_auth_attempted sets some requisite fields that ssh_auth_successful relies on. ssh_auth_attempted wasn't getting called because of a logic error. For a more complete discussion of this issue, see: https://github.com/bro/bro/issues/192
---
 src/analyzer/protocol/ssh/SSH.cc | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/analyzer/protocol/ssh/SSH.cc b/src/analyzer/protocol/ssh/SSH.cc
index 3b94f1f26c..3f87052d30 100644
--- a/src/analyzer/protocol/ssh/SSH.cc
+++ b/src/analyzer/protocol/ssh/SSH.cc
@@ -106,6 +106,8 @@ void SSH_Analyzer::ProcessEncrypted(int len, bool orig)
 if ( ! userauth_failure_size && (len + 16 == service_accept_size) )
 {
 auth_decision_made = true;
+ if ( ssh_auth_attempted )
+ BifEvent::generate_ssh_auth_attempted(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true);
 if ( ssh_auth_successful )
 BifEvent::generate_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true);
 return;
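Review bot: The two added lines depend on event order, and nothing in the code says so: per the commit message, handlers for ssh_auth_successful rely on fields that ssh_auth_attempted sets, so the attempted event has to stay queued first. A comment above the new `if ( ssh_auth_attempted )` would keep a later edit from reordering or dropping it, for example `// Must precede ssh_auth_successful: its handlers rely on state set by ssh_auth_attempted.` The bare `true` passed to both generators is also unnamed; if, as the event names suggest, it means "authenticated" in the first call and "auth method none" in the second, inline `/* authenticated */` and `/* auth_method_none */` markers would make that visible, which should be confirmed against the event declarations because a login accepted with the 'none' method is the case a detection script most needs to tell apart. ProcessEncrypted starts and ends outside this hunk.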