public key authentication -- log invalid keys

TheGezer openssh-unix-dev at
Fri May 2 17:56:03 EST 2014

On 05/01/2014 01:49 PM, Damien Miller wrote:
> On Thu, 1 May 2014, TheGezer wrote:
>> yeah that's kind of my point -- surely you should have lower loglevel in
>> order to track bad keys attempts ?
> Just for fun, calculate the probability of a "bad key attempt" succeeding.
> -d
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at
yeah i know, but with increasing bandwidth online, and more and more
folks using vps with just a public key a silent distributed attack could
go on for a couple of years without anything more than just lots of
mysterious connection attempts in the logs

also consider internal breach attempts sitting inside the perimeter

and consider that if most people lose their client public key through
theft or other they would typically just delete the authkey on the
server rather than put it in revoked keys so logging bad attempts would
catch these guys too

personally, i'm going to patch my sources to have bad attempts logged at
a lower loglevel

More information about the openssh-unix-dev mailing list