[Bug 501956] Re: OpenSSH does not log failed attempts when key authentication is used

Don Reid don at bunfight.net
Mon Feb 15 22:45:44 GMT 2010


auth_log in auth.c is not changing the error logging function from
"authlog" to "logit" for this type of error (line 258). If you use "sshd
start -dd" you will get the failed attempt clearly on the screen but NOT
in auth.log.

NB. Setting LogLevel to VERBOSE does show the failed attempts quite well
I think:

This account does not exist:
Feb 16 00:17:18 nono sshd[18101]: Connection from 192.168.0.247 port 36732
Feb 16 00:17:19 nono sshd[18101]: Invalid user r2 from 192.0.168.247

This account exists on the server but does not have a publickey:
Feb 16 00:17:24 nono sshd[18103]: Connection from 192.168.0.247 port 36733
Feb 16 00:17:24 nono sshd[18103]: Failed publickey for ob1 from 192.168.0.247 port 36733 ssh2

Also note that specifically denying users through the various
allow/deny/user/group methods in sshd_config has an effect on the error
logged as well.

However I agree that the 2nd line of the two should be logged as "INFO".
Will continue tomorrow...

Regards, Don.

-- 
OpenSSH does not log failed attempts when key authentication is used
https://bugs.launchpad.net/bugs/501956
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.



More information about the Ubuntu-server-bugs mailing list