Any plans to implement MaxAuthTriesLog?
Darren Tucker
dtucker at zip.com.au
Tue Nov 16 21:54:43 EST 2004

Darren Tucker wrote:
> Richard Dickens wrote:
>
>> When a user gets their password wrong more than MaxAuthTries times why
>> isn't the message "Too many authentication failures for %.100s" written
>> to syslog? The user seems to get it (in a dialog in putty) but it
>> doesn't get logged. The usual "Failed password for..." messages are
>> logged.
>
> AFAIK vanilla OpenSSH has never logged those (it only sends it to the
> user via packet_disconnect). Maybe it should log too? And if so, maybe
> it should log some more info? Anyway, try this patch.

Richard pointed out that packet_disconnect already calls logit(). D'oh.
The reason it's not logged is privsep: the packet_disconnect and logit
call happen in the unprivileged child (which is chrooted and doesn't
have access to /dev/log). Trying it with UsePrivilegeSeparation=no has
the messages logged OK. Not sure how to fix it for privsep=yes, other
than adding a /dev/log to the chroot.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
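
One way to recover the event from the "Failed password for..." lines that do reach syslog, as an added example that is not part of the original message or of OpenSSH. The syslog line layout, the constructed sample lines, the helper names and the `threshold` parameter (set it to match your sshd's MaxAuthTries behaviour) are assumptions.

```python
import re
from collections import defaultdict

# Assumed sshd syslog layout; older releases wrote "illegal user", later ones "invalid user".
FAILED_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Failed password for (?:invalid user |illegal user )?"
    r"(?P<user>\S+) from (?P<addr>\S+) port \d+"
)
ACCEPTED_RE = re.compile(r"sshd\[(?P<pid>\d+)\]: Accepted \S+ for ")


def _failed(pid, user, addr, count):
    """Build constructed 'Failed password' lines for the sample below."""
    return [
        f"Nov 16 21:4{i}:00 host sshd[{pid}]: Failed password for {user} "
        f"from {addr} port 40112 ssh2"
        for i in range(count)
    ]


# Constructed sample input (not taken from the thread).
SAMPLE_LOG = (
    _failed(4101, "alice", "192.0.2.10", 6)
    + _failed(4102, "bob", "192.0.2.20", 2)
    + ["Nov 16 21:45:00 host sshd[4102]: Accepted password for bob "
       "from 192.0.2.20 port 40113 ssh2"]
    + _failed(4103, "carol", "198.51.100.7", 3)
)


def sessions_hitting_limit(lines, threshold):
    """Return (pid, user, addr, failures) for each sshd process whose failed
    password count reached `threshold` and that never logged 'Accepted'.
    Limitation: the pid is used as the connection key, so pid reuse within
    one log window would merge two connections."""
    failures = defaultdict(int)
    last_seen = {}
    accepted = set()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            failures[m["pid"]] += 1
            last_seen[m["pid"]] = (m["user"], m["addr"])
        elif (m := ACCEPTED_RE.search(line)):
            accepted.add(m["pid"])
    return [
        (pid, *last_seen[pid], count)
        for pid, count in failures.items()
        if count >= threshold and pid not in accepted
    ]
```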