Logging failed attempts to correct usernames
Daniel Shahaf
danielsh at apache.org
Thu Jun 23 01:17:10 EST 2011
[ using FreeBSD 8.2, but I don't think the problem is specific to their port ]

For fail2ban purposes I'd like to log failed SSH authentication attempts
of correct (i.e., existing) usernames.

I have no issue with the logging of authn attempts to non-existing
usernames.

I've tried to set LogLevel=VERBOSE and MaxAuthAttempts=1 in sshd_config,
but even then I didn't see /var/log/auth.log entries for failed login
attempts from a third host to an existing username. (I didn't spot any
other relevant knobs in sshd_config(5).)

I assumed I'd see such log entries since the docs of MaxAuthAttempts
state any failed attempts after MaxAuthAttempts/2 will be logged, so
I interpreted that even the first failed authn attempt would be logged
when MaxAuthAttempts=1.

How can I cause sshd to log all failed authentication attempts to
existing usernames?

Thanks,

More information about the openssh-unix-dev
mailing list
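
Added example, not part of the original post or of OpenSSH or fail2ban: a small Python classifier that separates failed attempts against existing usernames from those against non-existing ones, the distinction the post asks about. It assumes the stock sshd message shape `Failed <method> for [invalid user ]<name> from <addr> port <n> ssh2`; the sample lines, hostnames and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Assumed sshd message shape (see lead-in). The user group is greedy and the
# pattern is anchored at end of line, so a client-chosen username that itself
# contains " from <addr> port <n>" cannot replace the real peer address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>\S+) for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<addr>\S+) port \d+(?: ssh2)?\s*$"
)

def classify(line):
    """Return (kind, user, addr) for a failed-auth line, else None.
    kind is 'invalid' when sshd tagged the name 'invalid user', else 'existing'."""
    m = FAILED.search(line)
    if not m:
        return None
    kind = "invalid" if m.group("invalid") else "existing"
    return kind, m.group("user"), m.group("addr")

def failures_for_existing_users(lines):
    """Count failed attempts per (user, addr), for existing usernames only."""
    hits = Counter()
    for line in lines:
        result = classify(line)
        if result and result[0] == "existing":
            hits[(result[1], result[2])] += 1
    return hits

# Constructed sample input, not taken from a real host.
SAMPLE = [
    "Jun 23 01:10:01 host sshd[4242]: Failed password for invalid user oracle from 203.0.113.7 port 51000 ssh2",
    "Jun 23 01:10:05 host sshd[4243]: Failed password for alice from 203.0.113.7 port 51002 ssh2",
    "Jun 23 01:10:09 host sshd[4243]: Failed password for alice from 203.0.113.7 port 51002 ssh2",
    "Jun 23 01:10:12 host sshd[4244]: Failed keyboard-interactive/pam for alice from 198.51.100.9 port 40000 ssh2",
    "Jun 23 01:10:20 host sshd[4245]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2",
    # Username crafted to look like it carries its own source address.
    "Jun 23 01:10:30 host sshd[4246]: Failed password for invalid user bob from 192.0.2.1 port 22 ssh2 from 203.0.113.7 port 51010 ssh2",
]

if __name__ == "__main__":
    for (user, addr), count in sorted(failures_for_existing_users(SAMPLE).items()):
        print(f"{count} failed attempt(s) for existing user {user} from {addr}")
```

If the second sample shape never appears in auth.log, as the post reports, this reports nothing for existing users, so it is also a quick check of whether a given sshd configuration emits those lines at all.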