[Bug 501956] Re: OpenSSH does not log failed attempts when key authentication is used
Don Reid
don at bunfight.net
Thu Feb 18 21:45:42 GMT 2010
To summarize:
LogLevel INFO
RSAAuthentication yes
PubkeyAuthentication yes
HostbasedAuthentication no
ChallengeResponseAuthentication no
PasswordAuthentication no
AllowUsers lukeskywalker
[1] The decision to log the error is made in procedure "auth_log" in "auth.c":
    /* Raise logging level */
    if (authenticated == 1 ||
        !authctxt->valid ||
        authctxt->failures >= options.max_authtries / 2 ||
        strcmp(method, "password") == 0)
            authlog = logit;
When the account exists but does not have a trusted pubkey on the server,
the variables in the "auth_log" decision have the following values:
authenticated ......... 0
authctxt->valid ....... 1
authctxt->failures .... 0
options.max_authtries . 6
method ................ publickey
Which translates to:
    if (0 == 1 ||
        ! 1 ||
        0 >= 6 / 2 ||
        1 == 0)
            authlog = logit;
So authlog cannot escalate to the logit function (nothing in auth.log)
I suggest ADDING the following change between "/* Raise logging level
*/" and the start of the if statement that immediately followed it:
    if (!authenticated &&
        authctxt->valid &&
        strcmp(method, "publickey") == 0)
            authlog = logit;
There seems to be an alternative train of thought from the 2005 portable
bug associated with this report. I guess that was never implemented
(please add comments if you know the history).
Regards, Don.
--
OpenSSH does not log failed attempts when key authentication is used
https://bugs.launchpad.net/bugs/501956
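The decision Don walks through, modelled as a small C program so the unpatched and proposed conditions can be compared on the reported values. This is an added example, not OpenSSH's auth.c or code from the report; the struct fields, the assumption that the non-escalated path is verbose() (hidden at LogLevel INFO), and the sample states are constructed here.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the authctxt/options fields that the
 * "Raise logging level" test in auth_log() consults. */
struct auth_state {
    int authenticated;   /* 1 if the attempt succeeded */
    int valid;           /* authctxt->valid: the account exists */
    int failures;        /* authctxt->failures so far on this connection */
    int max_authtries;   /* options.max_authtries (MaxAuthTries) */
    const char *method;  /* "publickey", "password", ... */
};

/* LOG_INFO models logit() (visible at LogLevel INFO);
 * LOG_VERBOSE models verbose() (assumed default, silent at INFO). */
enum log_level { LOG_VERBOSE = 0, LOG_INFO = 1 };

/* Reproduces the condition quoted from auth.c; with_proposed_fix adds the
 * extra clause suggested in the report, so that a failed publickey attempt
 * against an existing account is always escalated. */
enum log_level auth_log_level(const struct auth_state *a, int with_proposed_fix)
{
    int raise = a->authenticated == 1 ||
                !a->valid ||
                a->failures >= a->max_authtries / 2 ||
                strcmp(a->method, "password") == 0;

    if (with_proposed_fix && !a->authenticated && a->valid &&
        strcmp(a->method, "publickey") == 0)
        raise = 1;

    return raise ? LOG_INFO : LOG_VERBOSE;
}

int main(void)
{
    /* The values from the report: valid account, untrusted key, first try. */
    struct auth_state s = { 0, 1, 0, 6, "publickey" };
    printf("unpatched: %s\n", auth_log_level(&s, 0) == LOG_INFO
           ? "logit (line in auth.log)" : "verbose (nothing at INFO)");
    printf("patched:   %s\n", auth_log_level(&s, 1) == LOG_INFO
           ? "logit (line in auth.log)" : "verbose (nothing at INFO)");
    return 0;
}
```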