public key authentication -- log invalid keys

TheGezer openssh-unix-dev at
Sat Apr 26 03:07:55 EST 2014

On 04/25/2014 05:41 PM, Eldon Koyle wrote:
> I think you could end up with a lot of false positives doing this.
> I know I have quite a few keys that my client will try before falling
> back to password authentication.  You would need to have enough logic in
> your script to see if the authentication succeeds at some point or have
> a very high limit.
> It might be more interesting to make a database of bad public keys or

Interestingly, OpenSSH *does* log revoked keys.

> fingerprints and block any addresses that attempt one of them (assuming
> you can get openssh to log the failed keys somehow).

If only I knew how to log the failed keys :)
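
Added example, not part of the original post or of OpenSSH: a sketch of the two ideas discussed above, ignoring failed keys from a connection that later authenticates and blocking sources that offer a known-bad fingerprint. The log line format, the sample lines, the fingerprints and the helper name suspicious_sources are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log; the line format is an assumption, not from the thread.
SAMPLE_LOG = """\
sshd[101]: Failed publickey for alice from 192.0.2.10 port 50001 ssh2: RSA SHA256:constructed-a1
sshd[101]: Failed publickey for alice from 192.0.2.10 port 50001 ssh2: RSA SHA256:constructed-a2
sshd[101]: Accepted publickey for alice from 192.0.2.10 port 50001 ssh2: RSA SHA256:constructed-a3
sshd[102]: Failed publickey for bob from 192.0.2.20 port 50002 ssh2: RSA SHA256:constructed-b1
sshd[102]: Accepted password for bob from 192.0.2.20 port 50002 ssh2
sshd[201]: Failed publickey for root from 198.51.100.7 port 40001 ssh2: RSA SHA256:constructed-c1
sshd[201]: Failed publickey for root from 198.51.100.7 port 40001 ssh2: RSA SHA256:constructed-c2
sshd[202]: Failed publickey for root from 198.51.100.7 port 40002 ssh2: RSA SHA256:constructed-c3
sshd[301]: Failed publickey for root from 203.0.113.5 port 40003 ssh2: RSA SHA256:constructed-bad
"""

LINE_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?\S+ from (?P<ip>\S+) port \d+ ssh2(?:: \S+ (?P<fp>\S+))?"
)

def suspicious_sources(log_text, bad_fingerprints=frozenset(), limit=2):
    """Return {ip: reason} for sources worth blocking (hypothetical helper)."""
    sessions = {}  # sshd pid -> state of one connection
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        s = sessions.setdefault(m["pid"], {"ip": m["ip"], "failed": set(), "ok": False})
        if m["result"] == "Accepted":
            s["ok"] = True          # client fell through to a working key or password
        elif m["fp"]:
            s["failed"].add(m["fp"])

    flagged, failed_by_ip = {}, defaultdict(set)
    for s in sessions.values():
        if s["failed"] & bad_fingerprints:
            flagged[s["ip"]] = "known-bad key offered"   # flagged even if login worked
        elif not s["ok"]:
            failed_by_ip[s["ip"]] |= s["failed"]         # only count unsuccessful sessions
    for ip, fps in failed_by_ip.items():
        if len(fps) > limit:
            flagged.setdefault(ip, f"{len(fps)} distinct keys failed, no success")
    return flagged

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE_LOG, {"SHA256:constructed-bad"}))
```

Grouping by sshd pid treats each connection separately, so a client that tries several keys before one works is not counted against its address.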
