public key authentication -- log invalid keys

Damien Miller djm at
Fri May 2 18:23:16 EST 2014

On Fri, 2 May 2014, TheGezer wrote:

> yeah i know, but with increasing bandwidth online, and more and more
> folks using vps with just a public key a silent distributed attack could
> go on for a couple of years without anything more than just lots of
> mysterious connection attempts in the logs

If you think that such an attack might only take "years" then you
haven't done the math.

> also consider internal breach attempts sitting inside the perimeter
> and consider that if most people lose their client public key through
> theft or other they would typically just delete the authkey on the
> server rather than put it in revoked keys so logging bad attempts would
> catch these guys too
> personally, i'm going to patch my sources to have bad attempts logged at
> a lower loglevel

... or you could make a one line config change.


More information about the openssh-unix-dev mailing list