public key authentication -- log invalid keys

TheGezer openssh-unix-dev at thegeezer.net
Fri May 2 17:56:03 EST 2014


On 05/01/2014 01:49 PM, Damien Miller wrote:
> On Thu, 1 May 2014, TheGezer wrote:
>
>> Yeah, that's kind of my point -- surely you should have a lower loglevel in
>> order to track bad key attempts?
> Just for fun, calculate the probability of a "bad key attempt" succeeding.
>
> -d
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Yeah, I know, but with increasing bandwidth online, and more and more
folks using a VPS with just a public key, a silent distributed attack could
go on for a couple of years without anything more than just lots of
mysterious connection attempts in the logs.

Also consider internal breach attempts sitting inside the perimeter.

And consider that if most people lose their client public key through
theft or otherwise, they would typically just delete the authkey on the
server rather than put it in revoked keys, so logging bad attempts would
catch these guys too.

Personally, I'm going to patch my sources to have bad attempts logged at
a lower loglevel.
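As an added example (not code from the thread or from OpenSSH), this is the defender-side half of the argument above once rejected public keys actually reach the log: it parses constructed sshd lines in the modern "Failed publickey ... SHA256:" format (assumed to be what LogLevel VERBOSE emits), groups rejected fingerprints by source address so a slow distributed campaign against one key stands out, and matches attempts against fingerprints the operator knows were deleted after theft. The fingerprints and addresses are made up.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines. The "Failed publickey ... SHA256:" form is
# assumed to match what a verbose sshd writes; the values themselves are invented.
SAMPLE_LOG = """\
May  2 17:50:01 vps sshd[1201]: Failed publickey for root from 198.51.100.7 port 50211 ssh2: RSA SHA256:AAAAkey1
May  2 17:50:09 vps sshd[1203]: Failed publickey for root from 198.51.100.8 port 50213 ssh2: RSA SHA256:AAAAkey1
May  2 17:51:30 vps sshd[1210]: Accepted publickey for alice from 203.0.113.5 port 40122 ssh2: ED25519 SHA256:ALICEkey
May  2 17:52:02 vps sshd[1214]: Failed publickey for root from 198.51.100.9 port 50220 ssh2: RSA SHA256:AAAAkey1
May  2 17:52:40 vps sshd[1219]: Failed publickey for alice from 203.0.113.9 port 40130 ssh2: RSA SHA256:STOLENkey
May  2 17:53:11 vps sshd[1222]: Connection closed by 198.51.100.10 port 50230 [preauth]
"""

LINE_RE = re.compile(
    r"(?P<result>Accepted|Failed) publickey for (?P<user>\S+) from (?P<src>\S+) "
    r"port \d+ ssh2: (?P<ktype>\S+) (?P<fp>SHA256:\S+)"
)


def parse_pubkey_events(log_text):
    """Return (result, user, src, fingerprint) tuples for publickey auth lines;
    lines without a fingerprint (e.g. bare preauth disconnects) are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append((m["result"], m["user"], m["src"], m["fp"]))
    return events


def failed_by_fingerprint(events):
    """Map each rejected fingerprint to the set of source addresses that offered it."""
    sources = defaultdict(set)
    for result, _user, src, fp in events:
        if result == "Failed":
            sources[fp].add(src)
    return sources


def suspicious_keys(events, revoked_fps=frozenset(), min_sources=3):
    """Flag fingerprints offered from >= min_sources distinct hosts (a distributed
    attempt on one key) and any attempt with a key the operator knows was stolen
    and simply deleted from authorized_keys rather than formally revoked."""
    flagged = {}
    for fp, srcs in failed_by_fingerprint(events).items():
        reasons = []
        if len(srcs) >= min_sources:
            reasons.append("distributed:%d sources" % len(srcs))
        if fp in revoked_fps:
            reasons.append("known-revoked")
        if reasons:
            flagged[fp] = reasons
    return flagged
```

With the sample input, the key tried from three hosts and the stolen key are flagged, while the accepted ED25519 key is not.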

