[Bug 2415] Public key failures are not counted and therefore not logged into syslog

bugzilla-daemon at mindrot.org
Mon Jun 22 13:37:49 AEST 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2415

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Right, but SSH2_MSG_USERAUTH_PK_OK tests are not really "authentication
attempts" because they don't include a signature.

Attempts that do include a signature are treated like every other
authentication attempt wrt logging and maxauthtries handling. In the
monitor, authctxt->failures gets incremented in the main
monitor_child_preauth() after mm_answer_keyverify() returns without
completing authentication.

The monitor and preauth privsep process failures counter should not be
out of sync, but keyallowed isn't the right place to increment it
because it will put it out of sync in a different way :/

I just noticed that the increment in monitor.c is wrong in a different
way though, it fails to account for partial authentication that
shouldn't increment the counter.
