sshd logging with key-only authentication
David Wolfskill
david at catwhisker.org
Fri Jul 9 04:09:39 UTC 2010
On Thu, Jul 08, 2010 at 07:42:15PM -0400, Glen Barber wrote:
> ...
> What caught my interest is if I attempt to log in from a machine where I
> do not have my key or an incorrect key, I see nothing logged in auth.log
> about a failed login attempt. If I attempt with an invalid username, as
> expected, I see 'Invalid user ${USER} from ${IP}.'
>
> I'm more concerned with ssh login failures with valid user names.
> Looking at crypto/openssh/auth.c, allowed_user() returns true if the
> user is not in DenyUsers or DenyGroups, exists in AllowUsers or
> AllowGroups (if it is not empty), and has an executable shell. I'm no C
> hacker, but superficially it looks like it can never meet a condition
> where the user is valid but the key is invalid to trigger a log entry.
>
> Is this a bug in openssh, or have I overlooked something in my
> configuration?
What I do is configure IPFW to log all attempted session-initiation packets
on 22/tcp, and correlate /var/log/auth.log & /var/log/security.
It's rather interesting to see how many entries show up in the latter
that have no corresponding entry in the former.
Peace,
david
--
David H. Wolfskill david at catwhisker.org
Depriving a girl or boy of an opportunity for education is evil.
See http://www.catwhisker.org/~david/publickey.gpg for my public key.
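The correlation David describes above, as an added example that is not part of the original thread: it reads the IPFW log lines that a rule such as `ipfw add 100 allow log tcp from any to me 22 setup in` would write to /var/log/security, reads the sshd lines from /var/log/auth.log, and reports every inbound session to port 22 that sshd never mentioned. The log lines below are constructed, the function names are my own, and the line formats are assumed to be the usual FreeBSD `ipfw:` and `sshd[pid]:` forms.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/security (IPFW with the "log" option on
# a rule matching tcp ... 22 setup in). Not taken from the original post.
SECURITY_LOG = """\
Jul  9 03:55:12 gw kernel: ipfw: 100 Accept TCP 192.0.2.10:51234 203.0.113.5:22 in via em0
Jul  9 03:56:40 gw kernel: ipfw: 100 Accept TCP 198.51.100.7:40001 203.0.113.5:22 in via em0
Jul  9 03:57:02 gw kernel: ipfw: 100 Accept TCP 203.0.113.9:55555 203.0.113.5:22 in via em0
Jul  9 03:58:30 gw kernel: ipfw: 100 Accept TCP 192.0.2.10:51300 203.0.113.5:22 in via em0
"""

# Constructed sample of /var/log/auth.log for the same period.
AUTH_LOG = """\
Jul  9 03:55:13 gw sshd[1201]: Accepted publickey for david from 192.0.2.10 port 51234 ssh2
Jul  9 03:56:41 gw sshd[1210]: Invalid user admin from 198.51.100.7
Jul  9 03:58:31 gw sshd[1230]: Accepted publickey for david from 192.0.2.10 port 51300 ssh2
"""

# "ipfw: <rule> <action> TCP <src>:<sport> <dst>:<dport> in via <if>"
IPFW_RE = re.compile(
    r"ipfw: \d+ \w+ TCP (\d+\.\d+\.\d+\.\d+):(\d+) (\d+\.\d+\.\d+\.\d+):(\d+) in"
)
# Any sshd line naming a peer: "... from <ip>" optionally followed by "port <n>"
SSHD_IP_RE = re.compile(r"sshd\[\d+\]: .*?\bfrom (\d+\.\d+\.\d+\.\d+)(?: port (\d+))?")


def session_initiations(security_text, sshd_port=22):
    """Return (src_ip, src_port) for each logged inbound session to sshd_port."""
    hits = []
    for line in security_text.splitlines():
        m = IPFW_RE.search(line)
        if m and int(m.group(4)) == sshd_port:
            hits.append((m.group(1), int(m.group(2))))
    return hits


def sshd_peers(auth_text):
    """Map each source ip sshd mentioned to the set of source ports it logged.

    A port of None records a line (e.g. "Invalid user ... from <ip>") that
    named the peer without a port, so later matching falls back to the ip.
    """
    peers = defaultdict(set)
    for line in auth_text.splitlines():
        m = SSHD_IP_RE.search(line)
        if m:
            port = int(m.group(2)) if m.group(2) else None
            peers[m.group(1)].add(port)
    return peers


def unlogged_connections(security_text, auth_text, sshd_port=22):
    """Sessions IPFW saw to sshd_port that have no sshd line in auth.log.

    A session matches if sshd logged the same ip with the same source port,
    or logged the ip without any port; everything else is reported.
    """
    peers = sshd_peers(auth_text)
    missing = []
    for ip, port in session_initiations(security_text, sshd_port):
        seen_ports = peers.get(ip, set())
        if port in seen_ports or None in seen_ports:
            continue
        missing.append((ip, port))
    return missing


if __name__ == "__main__":
    for ip, port in unlogged_connections(SECURITY_LOG, AUTH_LOG):
        print(f"connection from {ip}:{port} to sshd has no auth.log entry")
```

On the constructed data the third session (203.0.113.9:55555) is the one that reaches sshd and leaves nothing in auth.log, which is the case the thread is about: a valid user name with a wrong or missing key. Matching on source port where sshd logs it keeps two sessions from the same address apart; the ip-only fallback covers lines such as `Invalid user` that carry no port.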