[Bug 2199] "Too many authentication failures for root" does not log IP

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Mar 8 03:34:28 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=2199

--- Comment #2 from sshbugzilla.apriori at spamgourmet.com ---
Hi! I observed this behaviour on 6.5, so the revision you quoted should
be incorporated.

We discussed the idea of combining information from multiple log
messages in https://github.com/fail2ban/fail2ban/pull/45 . In
particular, one would have to combine the info from the IP-less “too
many auth failures” message with the subsequent “disconnecting”
message. However, it appeared as if correlating the two messages can’t
be done out of the box because the PIDs are not identical.

Someone suggested that setting the log level to verbose would produce
“connection from” messages, which include the remote host’s IP, and
whose PID matches the one from the “too many auth failures” message. So
this might be a way to get a hold of the desired information.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list