Public key authentication and logging
Nestor Burma
goudron_et_plumes at yahoo.fr
Thu Jun 2 20:36:28 EST 2005
Hello,
[This message has been sent previously to the
ssh-users list, but got no answer, so maybe it's not a
usage problem. Sorry for the crossposting]
We are using OpenSSH 4.1p1 on a Linux box. The only
authentication method allowed is by public key.
Everything works without any problem, EXCEPT logging
in one situation :
1/ if a known user tries to log, with a proper (known)
key, as expected, we get a success message through
syslog, such as
:
Accepted publickey for USER from IP
2/ if an unknow user tries to log (obviously with or
without a "proper key"), again as expecte, we get a
failure message through syslog, such as :
Invalid user USER from IP
3/ but if a KNOWN user tries to log without a known
key, we get no message whatsoever.
Taking into account all the current brute forcing
tools, we feel this is somehow wrong. Of course, we
get bazillions of failures for unknown users, but
unfortunately some tools we saw just hammered 'root'
and a few, well-known account names. So getting no
failure message is bad for us.
Is it a misconfiguration on our part ? And if so, how
to change that ?
Sincerely,
-- Nb
_____________________________________________________________________________
Découvrez le nouveau Yahoo! Mail : 1 Go d'espace de stockage pour vos mails, photos et vidéos !
Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com
More information about the openssh-unix-dev
mailing list