So far, looking in OpenBSD's openssh-5.0p1 in auth.c I can see this:
Code:
if (authctxt->postponed)
authmsg = "Postponed";
else
authmsg = authenticated ? "Accepted" : "Failed";
authlog("%s %s for %s%.100s from %.200s port %d%s",
authmsg,
method,
authctxt->valid ? "" : "invalid user ",
authctxt->user,
get_remote_ipaddr(),
get_remote_port(),
info);
It looks like both success and fail are logged in a single command. That wouldn't be a problem though. I'll keep looking and check out that link. Thanks MJN.
-mrpeenut
Bookmarks