Need OpenSSH to logs users bad login attempts
Darren Tucker
dtucker at zip.com.au
Thu Jan 13 23:23:04 EST 2005
Michael Selvesteen wrote:
> Thanks Damien for your comments,
>
> We use a program that depends on /var/adm/btmp(s) to monitor bad logins.
> But SSH is not updating this file after a bad login attempt.
Is the patch you're using available?
> We
> seriously require the functionality. As I mentioned before we have a
> patch that makes SSH do this but it fails to log bad attempts of
> key based authentication.
If your patch uses the CUSTOM_FAILED_LOGIN hook then it's just a matter
of finding this piece in auth.c:
    #ifdef CUSTOM_FAILED_LOGIN
            if (authenticated == 0 && strcmp(method, "password") == 0)
                    record_failed_login(authctxt->user, "ssh");
    #endif
and removing the "&& strcmp(method, "password") == 0" part.
Hmm on second thought you may want to change it to be:
    #ifdef CUSTOM_FAILED_LOGIN
            if (authenticated == 0 && strcmp(method, "none") != 0)
                    record_failed_login(authctxt->user, "ssh");
    #endif
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
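
Added example (not part of the original message and not OpenSSH code): a small C model of the three forms of the condition discussed above, run over constructed sessions, showing which failed requests would reach record_failed_login() under each. The struct, enum, function names and sample sessions are hypothetical, and the sessions assume the client opens with a "none" request before trying a real method.

```c
#include <stdio.h>
#include <string.h>

/* One userauth request as the server sees it (sample data is constructed). */
struct attempt { const char *method; int authenticated; };

enum policy { PASSWORD_ONLY, ALL_FAILURES, ALL_BUT_NONE };

/* 1 if this form of the auth.c condition would call record_failed_login(). */
static int would_record(enum policy p, const struct attempt *a)
{
    if (a->authenticated != 0)
        return 0;
    if (p == PASSWORD_ONLY)
        return strcmp(a->method, "password") == 0;
    if (p == ALL_BUT_NONE)
        return strcmp(a->method, "none") != 0;
    return 1; /* ALL_FAILURES: method check removed entirely */
}

/* Number of btmp records a whole session would produce under a policy. */
static int count_recorded(enum policy p, const struct attempt *s, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += would_record(p, &s[i]);
    return hits;
}

/* Constructed sessions; each assumes the client opens with a "none" probe. */
static const struct attempt good_key[]   = { {"none", 0}, {"publickey", 1} };
static const struct attempt bad_keys[]   = { {"none", 0}, {"publickey", 0}, {"publickey", 0} };
static const struct attempt bad_passwd[] = { {"none", 0}, {"password", 0} };

int main(void)
{
    static const char *names[] = { "password only", "all failures", "all but none" };
    for (int p = PASSWORD_ONLY; p <= ALL_BUT_NONE; p++)
        printf("%-14s good_key=%d bad_keys=%d bad_passwd=%d\n", names[p],
               count_recorded((enum policy)p, good_key, 2),
               count_recorded((enum policy)p, bad_keys, 3),
               count_recorded((enum policy)p, bad_passwd, 2));
    return 0;
}
```

In this model the password-only form records nothing for the failed key attempts, and dropping the method check entirely records a failure even for the session that ends in a successful key login.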