Re: public key authentication -- log invalid keys


 



OK, so I've been doing some digging and a bit more testing.  Seems I do
get an error but only in verbose loglevel.
But I have to increase LogLevel to verbose to only get
" [sshd] Failed publickey for root "

Undeterred, I went digging in the source.
It looks like auth2-pubkey.c has function "user_key_allowed" which in
turn calls "user_key_allowed2" which calls "check_authkeys_file",
so there is a line for key not found, but I'm not getting this with
LogLevel = VERBOSE

http://fossies.org/dox/openssh-6.6p1/auth2-pubkey_8c_source.html#l00651
    if (!found_key)
        debug2("key not found");

So with LogLevel DEBUG2 and this gives me much much more info including
"key not found"

OK so far so good, the logging I requested is there but at debug2 level,
or more generically at verbose level.

With more and more bruteforce toys being available online I do wonder if
this kind of thing really ought to be at a higher volume to alert that
unknown keys are being used on systems.  With lost/stolen keys I would
imagine most people would delete and recreate rather than making use of
RevokedKeys, and so not know if folks are silently trying to connect to
their hosts.
I do appreciate though that many machines will try their public keys
first and thus possibly create unnecessary noise in logs.

Is it worth making this a config file option that could be enabled /
disabled on sshd start?
Or am I alone in this line of thinking and should just patch my source
appropriately?

Please let me know your thoughts,
thanks



_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
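
Added example, not part of the original message or of OpenSSH: a log filter that works from the "Failed publickey" lines sshd writes at LogLevel VERBOSE and separates connections that only ever offered unknown keys from clients that tried several keys before one was accepted. The function name, the sample log lines, addresses and fingerprints are constructed, and grouping lines by the sshd PID as one connection is an assumption.

```python
import re
from collections import defaultdict

# sshd auth lines as they appear in syslog; the trailing key type and
# fingerprint are optional because not every version logs them.
LINE_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?P<result>Failed|Accepted) publickey for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2"
    r"(?:: (?P<ktype>\S+) (?P<fp>\S+))?"
)

# Constructed sample input (documentation address ranges, placeholder fingerprints).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[2101]: Failed publickey for root from 192.0.2.10 port 40001 ssh2: RSA SHA256:CONSTRUCTED-1
Mar  3 10:00:01 host sshd[2101]: Failed publickey for root from 192.0.2.10 port 40001 ssh2: RSA SHA256:CONSTRUCTED-2
Mar  3 10:00:02 host sshd[2101]: Accepted publickey for root from 192.0.2.10 port 40001 ssh2: ED25519 SHA256:CONSTRUCTED-7
Mar  3 10:05:10 host sshd[2102]: Failed publickey for root from 198.51.100.7 port 40002 ssh2: RSA SHA256:CONSTRUCTED-3
Mar  3 10:05:10 host sshd[2102]: Failed publickey for root from 198.51.100.7 port 40002 ssh2: RSA SHA256:CONSTRUCTED-4
Mar  3 10:05:11 host sshd[2102]: Failed publickey for root from 198.51.100.7 port 40002 ssh2: DSA SHA256:CONSTRUCTED-5
Mar  3 10:05:11 host sshd[2102]: Connection closed by 198.51.100.7 [preauth]
Mar  3 10:06:00 host sshd[2103]: Failed publickey for invalid user admin from 198.51.100.7 port 40003 ssh2: RSA SHA256:CONSTRUCTED-6
"""


def unknown_key_sessions(log_text):
    """Return {(ip, user): set of rejected fingerprints} for connections
    that offered keys and never had one accepted."""
    sessions = defaultdict(lambda: {"accepted": False, "failed": []})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        s = sessions[m["pid"]]  # assumption: one sshd PID == one connection
        if m["result"] == "Accepted":
            s["accepted"] = True
        else:
            s["failed"].append((m["ip"], m["user"], m["fp"] or "unknown"))
    report = defaultdict(set)
    for s in sessions.values():
        if s["accepted"]:
            continue  # client tried several keys and one worked: expected noise
        for ip, user, fp in s["failed"]:
            report[(ip, user)].add(fp)
    return dict(report)


if __name__ == "__main__":
    for (ip, user), fps in sorted(unknown_key_sessions(SAMPLE_LOG).items()):
        print(f"{ip} offered {len(fps)} unknown key(s) for {user}")
```

PIDs are reused over time, so on a long-lived log the grouping should be bounded by a time window as well.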



