public key authentication -- log invalid keys

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi guys,
i was wondering if someone could point me in the right direction please.
if someone connects using public keys, but uses the wrong keys to
connect, openssh logs this kind of thing:

Apr 21 23:50:04 [sshd] SSH: Server;Ltype: Version;Remote:
122.169.248.92-49232;Protocol: 2.0;Client: libssh-0.2
Apr 21 23:50:05 [sshd] SSH: Server;Ltype: Kex;Remote:
122.169.248.92-49232;Enc: aes128-cbc;MAC: hmac-sha1;Comp: none [preauth]
Apr 21 23:50:05 [sshd] SSH: Server;Ltype: Version;Remote:
122.169.248.92-51680;Protocol: 2.0;Client: libssh-0.2
Apr 21 23:50:05 [sshd] SSH: Server;Ltype: Kex;Remote:
122.169.248.92-51680;Enc: aes128-cbc;MAC: hmac-sha1;Comp: none [preauth]

while i appreciate that bruteforcing a public key is significantly more
difficult than a short password, this does make me a little uneasy and
i'd like to be able to feed these bad IP addresses to my firewall.

however, when I correctly ssh to my machines, i get similar entries
Apr 20 09:16:24 [sshd] SSH: Server;Ltype: Version;Remote:
192.168.x.100-55939;Protocol: 2.0;Client: OpenSSH_5.9p1 Debian-5ubuntu3
Apr 20 09:16:24 [sshd] SSH: Server;Ltype: Kex;Remote:
192.168.x.100-55939;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth]
Apr 20 09:16:24 [sshd] SSH: Server;Ltype: Authname;Remote:
192.168.x.100-55939;Name: root [preauth]
Apr 20 09:16:28 [sshd] Accepted keyboard-interactive/pam for root from
192.168.x.100 port 55939 ssh2

i've tried changing LogLevel VERBOSE but it doesn't seem to make any
difference
what i was hoping for is something similar to this:

Apr 24 11:53:47 [sshd] input_userauth_request: invalid user ubuntu [preauth]

but saying "invalid keys" or similar.

any pointers gratefully received,
thanks in advance and especially thanks for openssh !
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux