public key authentication -- log invalid keys
Damien Miller
djm at mindrot.org
Fri May 2 18:23:16 EST 2014
On Fri, 2 May 2014, TheGezer wrote:
> yeah I know, but with increasing bandwidth online, and more and more
> folks using vps with just a public key a silent distributed attack could
> go on for a couple of years without anything more than just lots of
> mysterious connection attempts in the logs
If you think that such an attack might only take "years" then you
haven't done the math.
> also consider internal breach attempts sitting inside the perimeter
>
> and consider that if most people lose their client public key through
> theft or other they would typically just delete the authkey on the
> server rather than put it in revoked keys so logging bad attempts would
> catch these guys too
>
> personally, I'm going to patch my sources to have bad attempts logged at
> a lower loglevel
... or you could make a one line config change.
-d