Logging of failed publickey authentication attempts
Iain Morgan
imorgan at nas.nasa.gov
Tue Mar 12 04:56:21 EST 2013
On Fri, Mar 08, 2013 at 08:46:09 -0600, Johannes Bauer wrote:
> Hello list,
>
> I'd like to monitor failed publickey authentication attempts to my
> OpenSSH server and noticed that they're not logged (even in VERBOSE
> logging mode). Doing some digging, I found this 8 year old bug:
> https://bugzilla.mindrot.org/show_bug.cgi?id=974
>
> Apparently, that issue was already known eight years ago and a patch is
> even attached -- but it never made it into mainline? I'd like to ask if
> it is planned to incorporate this change into OpenSSL? If not, why so?
> Or has the bug just not been update and a fix already exists?
>
What version of OpenSSH are you using?
If I recall correctly, you need to have your syslog daemon listen to
/var/empty/dev/log if you are using a version older than v5.9p1.
--
Iain Morgan
More information about the openssh-unix-dev
mailing list