On 05/01/2014 01:49 PM, Damien Miller wrote:
> On Thu, 1 May 2014, TheGezer wrote:
>
>> yeah that's kind of my point -- surely you should have lower loglevel in
>> order to track bad keys attempts ?
> Just for fun, calculate the probability of a "bad key attempt" succeeding.
>
> -d
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

yeah I know, but with increasing bandwidth online, and more and more folks using vps with just a public key, a silent distributed attack could go on for a couple of years without anything more than just lots of mysterious connection attempts in the logs

also consider internal breach attempts sitting inside the perimeter

and consider that if most people lose their client public key through theft or other, they would typically just delete the authkey on the server rather than put it in revoked keys, so logging bad attempts would catch these guys too

personally, I'm going to patch my sources to have bad attempts logged at a lower loglevel