Logging Login Attempts
hans at atbas.org
Fri Oct 8 17:15:10 EST 2010
I rather see that it is logged whenever the last valid method fails.
So if you disable the password method, you still want to have that log
if the publickey method fails, even if it is not in verbose logging
Its pretty simple to implement that, just above that add 1 line.
if (authenticated == 1 ||
authctxt->failures >= options.max_authtries / 2 ||
+ strcmp(method, "publickey") == 0 ||
strcmp(method, "password") == 0)
authlog = logit;
> Actually, the attempted username, source IP address, and source port are
> logged. This is done in auth.c. At least that is the case in cvs HEAD
> and looks like it goes back at least as far as 5.1p1.
> 274 authlog("%s %s for %s%.100s from %.200s port %d%s",
> 275 authmsg,
> 276 method,
> 277 authctxt->valid ? "" : "invalid user ",
> 278 authctxt->user,
> 279 get_remote_ipaddr(),
> 280 get_remote_port(),
> 281 info);
> Note that in the case of password authentication, authlog is a pointer
> to logit(), whereas for all other authentication methods it is a pointer
> to verbose().
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
More information about the openssh-unix-dev