Re: public key authentication -- log invalid keys


 



On 04/25/2014 05:41 PM, Eldon Koyle wrote:
> I think you could end up with a lot of false positives doing this.
yup
> I know I have quite a few keys that my client will try before falling
> back to password authentication.  You would need to have enough logic in
> your script to see if the authentication succeeds at some point or have
> a very high limit.
>
> It might be more interesting to make a database of bad public keys or
interestingly OpenSSH *does* log revoked keys
http://en.wikibooks.org/wiki/OpenSSH/Logging#Logging_Revoked_Keys
> fingerprints and block any addresses that attempt one of them (assuming
> you can get openssh to log the failed keys somehow).
>
if only I knew how to log the failed keys :)

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
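
The logic described in the quoted text above (ignore failed keys when the same connection later authenticates, and flag on sight any address that offers a fingerprint from a bad-key database), as an added example that is not part of the original thread. The log line shape, the sample lines, the fingerprints and the function name are constructed assumptions; the thread does not establish how to make sshd emit such lines.

```python
import re
from collections import defaultdict

# Assumed sshd line shape (constructed for this example, not taken from the thread).
LINE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?P<result>Failed|Accepted) publickey for "
    r"(?:invalid user )?\S+ from (?P<addr>\S+) port \d+ ssh2: \S+ (?P<fp>\S+)"
)

# Constructed sample log; addresses come from the documentation ranges.
SAMPLE = """\
Apr 25 17:41:01 host sshd[1001]: Failed publickey for alice from 192.0.2.10 port 50001 ssh2: RSA SHA256:constructed-a1
Apr 25 17:41:01 host sshd[1001]: Failed publickey for alice from 192.0.2.10 port 50001 ssh2: RSA SHA256:constructed-a2
Apr 25 17:41:02 host sshd[1001]: Failed publickey for alice from 192.0.2.10 port 50001 ssh2: RSA SHA256:constructed-a3
Apr 25 17:41:02 host sshd[1001]: Accepted publickey for alice from 192.0.2.10 port 50001 ssh2: RSA SHA256:constructed-a4
Apr 25 17:42:10 host sshd[1002]: Failed publickey for root from 198.51.100.7 port 40022 ssh2: RSA SHA256:constructed-b1
Apr 25 17:42:10 host sshd[1002]: Failed publickey for root from 198.51.100.7 port 40022 ssh2: RSA SHA256:constructed-b2
Apr 25 17:42:11 host sshd[1002]: Failed publickey for root from 198.51.100.7 port 40022 ssh2: RSA SHA256:constructed-b3
Apr 25 17:43:30 host sshd[1003]: Failed publickey for invalid user bob from 203.0.113.9 port 41000 ssh2: RSA SHA256:constructed-bad
""".splitlines()

def suspicious_addresses(lines, bad_fingerprints, limit=5):
    """Return {address: reason} for addresses worth blocking."""
    failed = defaultdict(list)  # sshd pid (one per connection) -> failed fingerprints
    addr_of, succeeded, flagged = {}, set(), {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        pid, addr, fp = m["pid"], m["addr"], m["fp"]
        addr_of[pid] = addr
        if fp in bad_fingerprints:
            # A key from the bad-key database is flagged the first time it is seen.
            flagged[addr] = "known-bad key " + fp
        elif m["result"] == "Accepted":
            succeeded.add(pid)
        else:
            failed[pid].append(fp)
    for pid, fps in failed.items():
        # Clients that try several keys and then log in are not flagged.
        if pid not in succeeded and len(fps) >= limit:
            flagged.setdefault(addr_of[pid], f"{len(fps)} failed keys, no success")
    return flagged

if __name__ == "__main__":
    for addr, why in suspicious_addresses(SAMPLE, {"SHA256:constructed-bad"}, 3).items():
        print(addr, why)
```

Grouping by sshd pid treats each pid as one connection, so a log long enough for pids to be reused needs to be windowed by time first.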



