Public key authentication and logging

Nestor Burma goudron_et_plumes at yahoo.fr
Fri Jun 3 00:05:17 EST 2005


Hi Damien,

--- Damien Miller <djm at mindrot.org> wrote:

> Nestor Burma wrote:
> > 3/ but if a KNOWN user tries to log without a known
> > key, we get no message whatsoever.
> > 
> > Taking into account all the current brute forcing
> > tools, we feel this is somehow wrong. Of course, we
> > get bazillions of failures for unknown users, but
> > unfortunately some tools we saw just hammered 'root'
> > and a few, well-known account names. So getting no
> > failure message is bad for us.
> 
> "LogLevel verbose" might give you some more details, but the
> probability of someone guessing a private key is
> infinitesimal.

This is true, but it is not where our problem lies. We
have some particularly painful
blockhead-with-authority reasoning along the line of
"privileged accounts are _not_ concerned by all
bruteforcing programs since we see no error messages
in log files".
I know I should just throw him through the nearest
window (17th floor) but hey. Let's find a marginally
more civilized solution :-) So if those reject
messages were in the logfiles, he would see the light.
Maybe.
And it is somehow interesting to know, for example,
what the ratio "root account bruteforcing" to
"non-root account bruteforcing" looks like. Just for
the sake of statistics, flashy graphics and the like.
We'll test "LogLevel verbose", of course.
Thanks,

-- Nb
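An added example (not part of the thread) of the "root vs non-root" statistic asked for above, computed from sshd auth-log lines. The log lines are constructed samples; the "Failed publickey for <known user>" line is assumed to be present because sshd was run with "LogLevel VERBOSE", since at the default level that rejection is exactly what the thread says is missing.

```python
import re
from collections import Counter

# Constructed sample auth.log lines (not taken from the original thread).
# The format mirrors what sshd writes for failed and accepted logins.
SAMPLE_LOG = """\
Jun  3 00:01:02 host sshd[1201]: Failed password for root from 192.0.2.10 port 40001 ssh2
Jun  3 00:01:03 host sshd[1202]: Failed publickey for root from 192.0.2.10 port 40002 ssh2
Jun  3 00:01:04 host sshd[1203]: Failed password for invalid user admin from 192.0.2.11 port 40003 ssh2
Jun  3 00:01:05 host sshd[1204]: Invalid user oracle from 192.0.2.11 port 40004
Jun  3 00:01:06 host sshd[1205]: Failed publickey for alice from 192.0.2.12 port 40005 ssh2
Jun  3 00:01:07 host sshd[1206]: Accepted publickey for alice from 198.51.100.5 port 50000 ssh2
"""

# Matches "Failed <method> for [invalid user ]<name> from <src> port <n>".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>\w+) for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def count_failures(log_text):
    """Count failed authentications in three buckets: 'root', other
    'known_user' accounts, and 'unknown_user' (sshd's "invalid user").
    Also returns a per-source-address Counter for follow-up triage."""
    by_category = Counter()
    by_source = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # "Invalid user ..." and "Accepted ..." lines are skipped
        if m.group("invalid"):
            category = "unknown_user"
        elif m.group("user") == "root":
            category = "root"
        else:
            category = "known_user"
        by_category[category] += 1
        by_source[m.group("src")] += 1
    return by_category, by_source

def root_ratio(by_category):
    """Fraction of all failed logins that targeted root (0.0 if none)."""
    total = sum(by_category.values())
    return by_category["root"] / total if total else 0.0

if __name__ == "__main__":
    cats, srcs = count_failures(SAMPLE_LOG)
    print(dict(cats), dict(srcs), root_ratio(cats))
```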

More information about the openssh-unix-dev mailing list