Logging of failed publickey authentication attempts

Iain Morgan imorgan at nas.nasa.gov
Tue Mar 12 04:56:21 EST 2013


On Fri, Mar 08, 2013 at 08:46:09 -0600, Johannes Bauer wrote:
> Hello list,
> 
> I'd like to monitor failed publickey authentication attempts to my
> OpenSSH server and noticed that they're not logged (even in VERBOSE
> logging mode). Doing some digging, I found this 8 year old bug:
> https://bugzilla.mindrot.org/show_bug.cgi?id=974
> 
> Apparently, that issue was already known eight years ago and a patch is
> even attached -- but it never made it into mainline? I'd like to ask if
> it is planned to incorporate this change into OpenSSL? If not, why so?
> Or has the bug just not been update and a fix already exists?
> 

What version of OpenSSH are you using?

If I recall correctly, you need to have your syslog daemon listen to
/var/empty/dev/log if you are using a version older than v5.9p1.

-- 
Iain Morgan


More information about the openssh-unix-dev mailing list