[Bug 501956] Re: OpenSSH does not log failed attempts when key authentication is used
Simon Déziel
501956 at bugs.launchpad.net
Wed Mar 26 14:05:56 UTC 2014
In recent versions, with "LogLevel INFO", the following is logged:
Connection closed by 172.16.0.1 [preauth]
But setting "LogLevel VERBOSE" gives this:
Connection from 172.16.0.1 port 42049 on 172.16.0.2 port 22
Failed publickey for simon from 172.16.0.1 port 42049 ssh2: RSA ab:cd:ef:00:11:22:33:44:55:66:77:88:99:aa:bb:cc
Connection closed by 172.16.0.1 [preauth]
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/501956
Title:
OpenSSH does not log failed attempts when key authentication is used
Status in Portable OpenSSH:
Unknown
Status in “openssh” package in Ubuntu:
Confirmed
Bug description:
========================================================
Description: Ubuntu 9.10
Release: 9.10
openssh-server:
Installed: 1:5.1p1-6ubuntu2
Candidate: 1:5.1p1-6ubuntu2
Version table:
*** 1:5.1p1-6ubuntu2 0
500 http://us.archive.ubuntu.com karmic/main Packages
100 /var/lib/dpkg/status
========================================================
If you disable password authentication in sshd_config
(PasswordAuthentication no) and attempt to log in with an incorrect
key, a failed login attempt entry should appear in auth.log, as it
does with username/password authentication. Nothing is logged though.
If you change "LogLevel INFO" to "VERBOSE" in /etc/ssh/sshd_config you
do get an entry as below but it isn't enough to indicate a potential
issue :
"Dec 31 18:17:33 localhost sshd[8011]: Connection from 82.23.xx.yy
port 38583"
To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/501956/+subscriptions
More information about the foundations-bugs
mailing list