A small fix to ssh/geo-data.bro. ssh can now be unset for local-local or remote-remote, so make the script deal with this.

scripts/base/protocols/ssh/main.bro

@@ -118,7 +118,7 @@ event ssh_client_version(c: connection, version: string)
 		c$ssh$version = 2;
 	}
 
-event ssh_auth_successful(c: connection, auth_method_none: bool)
+event ssh_auth_successful(c: connection, auth_method_none: bool) &priority=5
 	{
 	# TODO - what to do here?
 	if ( !c?$ssh || ( c$ssh?$auth_success && c$ssh$auth_success ) )
@@ -146,7 +146,7 @@ event ssh_auth_successful(c: connection, auth_method_none: bool) &priority=-5
 		}
 	}
 
-event ssh_auth_failed(c: connection)
+event ssh_auth_failed(c: connection) &priority=5
 	{
 	if ( !c?$ssh || ( c$ssh?$auth_success && !c$ssh$auth_success ) )
 		return;

scripts/policy/protocols/ssh/geo-data.bro

@@ -32,6 +32,9 @@ function get_location(c: connection): geo_location
 
 event ssh_auth_successful(c: connection, auth_method_none: bool) &priority=3
 	{
+	if ( ! c$ssh?$direction )
+		return;
+	
 	# Add the location data to the SSH record.
 	c$ssh$remote_location = get_location(c);
 	
@@ -47,6 +50,9 @@ event ssh_auth_successful(c: connection, auth_method_none: bool) &priority=3
 
 event ssh_auth_failed(c: connection) &priority=3
 	{
+	if ( ! c$ssh?$direction )
+		return;
+	
 	# Add the location data to the SSH record.
 	c$ssh$remote_location = get_location(c);
 	}