On 04/25/2014 05:41 PM, Eldon Koyle wrote:
> I think you could end up with a lot of false positives doing this.

yup

> I know I have quite a few keys that my client will try before falling
> back to password authentication. You would need to have enough logic in
> your script to see if the authentication succeeds at some point or have
> a very high limit.
>
> It might be more interesting to make a database of bad public keys or

interestingly openssh *does* log revoked keys
http://en.wikibooks.org/wiki/OpenSSH/Logging#Logging_Revoked_Keys

> fingerprints and block any addresses that attempt one of them (assuming
> you can get openssh to log the failed keys somehow).
>

if only i knew how to log the failed keys :)

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
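
An added example, not part of the original thread: one way to apply the "see if the authentication succeeds at some point" logic quoted above, so that a client cycling through several keys before logging in is not counted as hostile. The log line shape, the `suspicious_sources` name, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed shape of sshd auth lines in syslog; adjust to the local log format.
EVENT = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?P<result>Failed|Accepted) (?P<method>\S+) "
    r"for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

# Constructed sample log (documentation addresses, made-up users and PIDs).
SAMPLE_LOG = """\
Apr 25 17:40:01 host sshd[1001]: Failed publickey for alice from 192.0.2.10 port 50000 ssh2
Apr 25 17:40:01 host sshd[1001]: Failed publickey for alice from 192.0.2.10 port 50000 ssh2
Apr 25 17:40:02 host sshd[1001]: Failed publickey for alice from 192.0.2.10 port 50000 ssh2
Apr 25 17:40:05 host sshd[1001]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
Apr 25 17:41:10 host sshd[1002]: Failed publickey for root from 198.51.100.7 port 40100 ssh2
Apr 25 17:41:10 host sshd[1002]: Failed publickey for root from 198.51.100.7 port 40100 ssh2
Apr 25 17:41:11 host sshd[1002]: Failed publickey for root from 198.51.100.7 port 40100 ssh2
Apr 25 17:41:20 host sshd[1003]: Failed publickey for invalid user admin from 198.51.100.7 port 40102 ssh2
Apr 25 17:41:20 host sshd[1003]: Failed publickey for invalid user admin from 198.51.100.7 port 40102 ssh2
Apr 25 17:42:00 host sshd[1004]: Failed publickey for bob from 203.0.113.5 port 51000 ssh2
"""


def suspicious_sources(lines, limit=3):
    """Return {ip: failed publickey count} for sources at or over `limit`,
    ignoring connections that authenticated in the end."""
    failures = defaultdict(int)  # (sshd pid, ip) -> failed publickey attempts
    succeeded = set()            # connections that eventually got in
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue
        # One sshd child PID per connection; PIDs can recycle in long logs,
        # so run this over a bounded time window.
        conn = (m["pid"], m["ip"])
        if m["result"] == "Accepted":
            succeeded.add(conn)
        elif m["method"] == "publickey":
            failures[conn] += 1
    per_ip = defaultdict(int)
    for conn, count in failures.items():
        if conn not in succeeded:
            per_ip[conn[1]] += count
    return {ip: n for ip, n in per_ip.items() if n >= limit}
```

On the sample, the three failed keys from 192.0.2.10 are discarded because the same connection later logs in with a password, while 198.51.100.7 is reported with its failures summed across two connections.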