View Full Version : [ubuntu] ssh login failure logging question
Cyked
October 8th, 2011, 12:14 AM
Using SSH key Auth. If I login with a non-existent userid ID it logs the ID and IP in authlog. If I do the same with a valid ID and bad PW it logs nothing. Shouldn't it log this???
jramshu
October 8th, 2011, 03:48 AM
Should log it as an authentication failure.
Best to disable password authentication and set a password for the key itself. JMO
Dangertux
October 8th, 2011, 06:37 AM
It does log it it should say failed authentication for user whoever in auth.log
It may also say failed to provide public key.
Lars Noodén
October 9th, 2011, 04:25 PM
Which version of SSH is it?
azmyth
October 9th, 2011, 04:56 PM
I tried it on my system and I noticed the same thing as you. I suspect it has to do with the level of logging set in the /etc/ssh/sshd_config file.
Dangertux
October 9th, 2011, 05:05 PM
If you need to increase SSH logging you can change the following in /etc/ssh/sshd_config
LogLevel INFO
to
LogLevel VERBOSE
other possible values
WARNING - Log only on Warnings
ERROR - Log on errors
DEBUG - Considerably more output than VERBOSE
DEBUG2 - More than DEBUG
DEBUG3 - The most logged , this may slow down your system considerably.
Cyked
October 11th, 2011, 08:47 AM
Weird. I didn't know this posted. I was posting on my phone, got a bunch of DB errors from the site so I didn't think it went through.
I checked after I got home, and what IS happening is if its a failed attempt WITH the actual key it will only log failures in authlog with bad user IDs. I assume this is because why would someone else have your key. I'll check the logging settings out of curiosity under sshd_config.
Powered by vBulletin® Version 4.2.2 Copyright © 2024 vBulletin Solutions, Inc. All rights reserved.