no logging in auth.log when using wrong ssh keys

Hans Harder hans at
Tue Apr 20 06:31:01 EST 2010

I have in the sshd_config the following to disable password authentication
Match Group dummies
     PasswordAuthentication no
     KbdInteractive no

Normally I use denyhosts to detect incorrect logins, but it seems that
failed sshkey logins are not logged in auth.log
And I really like to have them in order to detect them and use the
denyhosts script.

Looked in the last nightly builds, but it seems that only method '
password' is being logged.
So I added one line, so that also failed publickey logins are being
logged in auth.log

hans at Draakje:~/src/openssh$ diff -u auth.c auth_new.c
--- auth.c	2010-03-07 01:57:00.000000000 +0100
+++ auth_new.c	2010-04-19 19:58:21.564550068 +0200
@@ -263,6 +263,7 @@
 	if (authenticated == 1 ||
 	    !authctxt->valid ||
 	    authctxt->failures >= options.max_authtries / 2 ||
+	    strcmp(method, "publickey") == 0 ||
 	    strcmp(method, "password") == 0)
 		authlog = logit;

Perhaps there is a better way to log the failed sshkey logins, but I
couldn't find it (my lack of knowledge probably).
So any comments are welcome....

ech`echo xiun|tr nu oc|sed'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol.

More information about the openssh-unix-dev mailing list