Hi guys,

I was wondering if someone could point me in the right direction please.

If someone connects using public keys, but uses the wrong keys to connect, OpenSSH logs this kind of thing:

Apr 21 23:50:04 [sshd] SSH: Server;Ltype: Version;Remote: 122.169.248.92-49232;Protocol: 2.0;Client: libssh-0.2
Apr 21 23:50:05 [sshd] SSH: Server;Ltype: Kex;Remote: 122.169.248.92-49232;Enc: aes128-cbc;MAC: hmac-sha1;Comp: none [preauth]
Apr 21 23:50:05 [sshd] SSH: Server;Ltype: Version;Remote: 122.169.248.92-51680;Protocol: 2.0;Client: libssh-0.2
Apr 21 23:50:05 [sshd] SSH: Server;Ltype: Kex;Remote: 122.169.248.92-51680;Enc: aes128-cbc;MAC: hmac-sha1;Comp: none [preauth]

While I appreciate that brute-forcing a public key is significantly more difficult than a short password, this does make me a little uneasy and I'd like to be able to feed these bad IP addresses to my firewall.

However, when I correctly ssh to my machines, I get similar entries:

Apr 20 09:16:24 [sshd] SSH: Server;Ltype: Version;Remote: 192.168.x.100-55939;Protocol: 2.0;Client: OpenSSH_5.9p1 Debian-5ubuntu3
Apr 20 09:16:24 [sshd] SSH: Server;Ltype: Kex;Remote: 192.168.x.100-55939;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth]
Apr 20 09:16:24 [sshd] SSH: Server;Ltype: Authname;Remote: 192.168.x.100-55939;Name: root [preauth]
Apr 20 09:16:28 [sshd] Accepted keyboard-interactive/pam for root from 192.168.x.100 port 55939 ssh2

I've tried changing LogLevel VERBOSE but it doesn't seem to make any difference.

What I was hoping for is something similar to this:

Apr 24 11:53:47 [sshd] input_userauth_request: invalid user ubuntu [preauth]

but saying "invalid keys" or similar.

Any pointers gratefully received, thanks in advance and especially thanks for OpenSSH!
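One way to turn the log lines quoted above into a per-address list, as an added example that is not part of the original post or of OpenSSH: it pairs the `Remote: ip-port` field of the `SSH: Server;...` lines with any later `Accepted ...` line for the same address and port, and reports sessions that never authenticated. The function names and the threshold are assumptions, and the sample log is constructed from the lines in the post.

```python
import re

# Constructed sample: the log lines quoted in the post above.
SAMPLE_LOG = """\
Apr 21 23:50:04 [sshd] SSH: Server;Ltype: Version;Remote: 122.169.248.92-49232;Protocol: 2.0;Client: libssh-0.2
Apr 21 23:50:05 [sshd] SSH: Server;Ltype: Kex;Remote: 122.169.248.92-49232;Enc: aes128-cbc;MAC: hmac-sha1;Comp: none [preauth]
Apr 21 23:50:05 [sshd] SSH: Server;Ltype: Version;Remote: 122.169.248.92-51680;Protocol: 2.0;Client: libssh-0.2
Apr 21 23:50:05 [sshd] SSH: Server;Ltype: Kex;Remote: 122.169.248.92-51680;Enc: aes128-cbc;MAC: hmac-sha1;Comp: none [preauth]
Apr 20 09:16:24 [sshd] SSH: Server;Ltype: Version;Remote: 192.168.x.100-55939;Protocol: 2.0;Client: OpenSSH_5.9p1 Debian-5ubuntu3
Apr 20 09:16:24 [sshd] SSH: Server;Ltype: Kex;Remote: 192.168.x.100-55939;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth]
Apr 20 09:16:24 [sshd] SSH: Server;Ltype: Authname;Remote: 192.168.x.100-55939;Name: root [preauth]
Apr 20 09:16:28 [sshd] Accepted keyboard-interactive/pam for root from 192.168.x.100 port 55939 ssh2
"""

# Per-connection lines in the format shown in the post: "...;Remote: <ip>-<port>;..."
AUDIT_RE = re.compile(
    r"\[sshd\] SSH: Server;Ltype: \w+;Remote: (?P<ip>[^;\s]+)-(?P<port>\d+);")
# Successful login line: "Accepted <method> for <user> from <ip> port <port>"
ACCEPT_RE = re.compile(
    r"\[sshd\] Accepted \S+ for \S+ from (?P<ip>\S+) port (?P<port>\d+)")


def unauthenticated_sessions(log_text):
    """Return {ip: [port, ...]} for sessions with no matching 'Accepted' line."""
    seen, accepted = {}, set()
    for line in log_text.splitlines():
        m = AUDIT_RE.search(line)
        if m:
            seen[(m["ip"], m["port"])] = True   # dict keeps first-seen order
            continue
        m = ACCEPT_RE.search(line)
        if m:
            accepted.add((m["ip"], m["port"]))
    result = {}
    for ip, port in seen:
        if (ip, port) not in accepted:
            result.setdefault(ip, []).append(port)
    return result


def block_candidates(log_text, threshold=2):
    """IPs with at least `threshold` unauthenticated sessions (threshold is an
    assumption: one dropped connection from a legitimate client is not enough)."""
    sessions = unauthenticated_sessions(log_text)
    return sorted(ip for ip, ports in sessions.items() if len(ports) >= threshold)


if __name__ == "__main__":
    for ip in block_candidates(SAMPLE_LOG):
        print(ip)
```

A session without an `Accepted` line can also be a client that disconnected or a login still in progress at the end of the file, so the output is a list of candidates for a firewall rule rather than proof of a wrong key.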