public key authentication -- log invalid keys

TheGezer openssh-unix-dev at
Mon May 5 05:51:18 EST 2014

On 05/02/2014 09:23 AM, Damien Miller wrote:
> On Fri, 2 May 2014, TheGezer wrote:
>> yeah, I know, but with increasing bandwidth online, and more and more
>> folks using VPSes with just a public key, a silent distributed attack could
>> go on for a couple of years without anything more than just lots of
>> mysterious connection attempts in the logs
> If you think that such an attack might only take "years" then you
> haven't done the math.

I hear you, I really do, but [1] there is more than one way [2] to skin
a cat, and it's a shame to have others' issues (in these two cases bad
random number generators) go unseen due to insufficient logs -- verbose
logging tends only to be turned on for troubleshooting reasons.


>> also consider internal breach attempts sitting inside the perimeter,
>> and consider that if most people lose their client public key through
>> theft or otherwise they would typically just delete the authkey on the
>> server rather than put it in revoked keys, so logging bad attempts would
>> catch these guys too.
>> personally, I'm going to patch my sources to have bad attempts logged at
>> a lower loglevel
> ... or you could make a one line config change.

Yeah, true.
Over many systems I'm wondering which would be the easier to do, but
that's a separate issue.

> -d
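As an added example, not part of the original thread or of OpenSSH itself: the "one line config change" discussed above is, to my understanding, `LogLevel VERBOSE` in sshd_config, which makes sshd log each failed public key attempt together with the offered key's fingerprint (at the default `INFO` level those attempts are normally silent). Once that logging is on, the two scenarios the thread raises, a slow distributed attack offering the same key from many sources, and a stolen key that was simply deleted from authorized_keys instead of being put in RevokedKeys, can be picked out of the log. The script below does that over a constructed sample of log lines; the log line format is the one I assume sshd emits (both the older hex MD5 and the newer `SHA256:` fingerprint forms are accepted), and the hostnames, addresses, fingerprints, thresholds and the `revoked_fps` set are all my own illustrative values.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not real captured data). The
# "Failed publickey" lines only appear in the log when sshd_config has
# "LogLevel VERBOSE" (assumption about sshd's logging behaviour).
SAMPLE_LOG = """\
May  5 05:40:01 vps1 sshd[2231]: Failed publickey for root from 203.0.113.10 port 51234 ssh2: RSA SHA256:K1K1K1K1
May  5 05:41:12 vps1 sshd[2240]: Failed publickey for root from 203.0.113.11 port 51240 ssh2: RSA SHA256:K1K1K1K1
May  5 05:42:30 vps1 sshd[2251]: Failed publickey for root from 203.0.113.12 port 51261 ssh2: RSA SHA256:K1K1K1K1
May  5 05:43:05 vps1 sshd[2260]: Failed publickey for alice from 198.51.100.7 port 40001 ssh2: RSA SHA256:StolenStolen
May  5 05:44:19 vps1 sshd[2262]: Failed publickey for alice from 198.51.100.7 port 40002 ssh2: ED25519 SHA256:BenignBenign
May  5 05:45:00 vps1 sshd[2270]: Failed publickey for bob from 192.0.2.5 port 33000 ssh2: RSA 5a:3b:9c:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd
May  5 05:45:02 vps1 sshd[2262]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2: ED25519 SHA256:BenignBenign
May  5 05:45:03 vps1 sshd[2270]: Connection closed by 192.0.2.5 [preauth]
"""

# Assumed shape of sshd's failed-publickey message: user, source address,
# key type and fingerprint. "invalid user" is optional, and the fingerprint
# may be the hex MD5 form or the base64 "SHA256:" form.
FAILED_RE = re.compile(
    r"Failed publickey for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) "
    r"port \d+ ssh2: (?P<keytype>\S+) (?P<fp>\S+)"
)


def parse_failed_publickey(text):
    """Return one dict per failed public key attempt found in the log text."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def analyze(events, revoked_fps=frozenset(), distinct_ip_threshold=3):
    """Flag two patterns from the thread:

    - "distributed": the same key offered from at least
      distinct_ip_threshold different source addresses (a slow, spread-out
      attack that would otherwise look like noise);
    - "revoked_key_used": an attempt with a fingerprint the operator has
      marked as stolen/retired (a key that was deleted from authorized_keys
      rather than added to RevokedKeys still shows up here).

    Each finding is (kind, fingerprint, sorted source IPs, sorted users).
    """
    sources = defaultdict(set)
    users = defaultdict(set)
    for e in events:
        sources[e["fp"]].add(e["ip"])
        users[e["fp"]].add(e["user"])

    findings = []
    for fp, ips in sources.items():
        if len(ips) >= distinct_ip_threshold:
            findings.append(("distributed", fp, sorted(ips), sorted(users[fp])))
    for e in events:  # one finding per attempt: every use of a stolen key matters
        if e["fp"] in revoked_fps:
            findings.append(("revoked_key_used", e["fp"], [e["ip"]], [e["user"]]))
    return findings


if __name__ == "__main__":
    # Illustrative "known stolen" fingerprint; in practice this list would be
    # maintained by the operator alongside (or instead of) RevokedKeys.
    revoked = frozenset({"SHA256:StolenStolen"})
    for kind, fp, ips, who in analyze(parse_failed_publickey(SAMPLE_LOG), revoked):
        print(f"{kind}: key {fp} offered for {','.join(who)} from {','.join(ips)}")
```

With the sample above the root key seen from three addresses is reported as "distributed", the alice attempt with the stolen fingerprint as "revoked_key_used", and the single bob attempt and the unrelated "Accepted"/"Connection closed" lines produce nothing.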
