[Bug 1468] New: sshd does not log failed attempts using key-based authentication only

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu May 22 18:26:26 EST 2008


https://bugzilla.mindrot.org/show_bug.cgi?id=1468

           Summary: sshd does not log failed attempts using key-based
                    authentication only
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.0p1
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: security
          Priority: P2
         Component: sshd
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: advax at triumf.ca


When testing the Debian SSH exploit against SSH-2.0-OpenSSH_4.1p1-hpn
I noticed that sshd did not log key failures, only password failures.

I just built SSH-2.0-OpenSSH_5.0 on Fedora Core 4 with no configure
options (./configure; make) and again there is no logging

$ ./ssh -p 8022 -o PasswordAuthentication=no -i badkey localhost
Permission denied (publickey,password).
  - no log entry

$ ./ssh -p 8022 -o PasswordAuthentication=no -i goodkey localhost
  - login successful
  - syslog entry: sshd[6987]: Accepted publickey for andrew from
    127.0.0.1 port 39492 ssh2

The Debian exploit tries an average of 32,000 keys with no evidence in
syslog apart from an entry on success.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list