Re: public key authentication -- log invalid keys

On 05/01/2014 01:49 PM, Damien Miller wrote:
> On Thu, 1 May 2014, TheGezer wrote:
>
>> yeah that's kind of my point -- surely you should have lower loglevel in
>> order to track bad keys attempts ?
> Just for fun, calculate the probability of a "bad key attempt" succeeding.
>
> -d
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

yeah i know, but with increasing bandwidth online, and more and more
folks using vps with just a public key, a silent distributed attack could
go on for a couple of years without anything more than just lots of
mysterious connection attempts in the logs

also consider internal breach attempts sitting inside the perimeter

and consider that if most people lose their client public key through
theft or other, they would typically just delete the authkey on the
server rather than put it in revoked keys, so logging bad attempts would
catch these guys too

personally, i'm going to patch my sources to have bad attempts logged at
a lower loglevel
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
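
The log review this message argues for, as an added example that is not part of the original post or of OpenSSH: it flags a key that was deleted from authorized_keys but is still being offered, and any source that cycles through several keys. It assumes sshd is logging failed attempts with the key fingerprint in the form `Failed publickey for USER from ADDR port N ssh2: TYPE FINGERPRINT`; the log lines, fingerprints and the `RETIRED` set are constructed.

```python
import re
from collections import defaultdict

# Assumed line format (see lead-in); "invalid user" is optional.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed publickey for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+ ssh2: (?P<ktype>\S+) (?P<fp>\S+)")

# Constructed sample log, not taken from the thread.
SAMPLE_LOG = """\
May  1 14:02:11 host sshd[2101]: Failed publickey for alice from 203.0.113.7 port 50112 ssh2: RSA SHA256:CONSTRUCTEDretired0001
May  1 14:02:15 host sshd[2102]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2: ED25519 SHA256:CONSTRUCTEDcurrent0001
May  1 14:05:01 host sshd[2110]: Failed publickey for root from 192.0.2.55 port 40100 ssh2: RSA SHA256:CONSTRUCTEDguess0001
May  1 14:05:02 host sshd[2110]: Failed publickey for root from 192.0.2.55 port 40100 ssh2: RSA SHA256:CONSTRUCTEDguess0002
May  1 14:05:03 host sshd[2110]: Failed publickey for root from 192.0.2.55 port 40100 ssh2: ECDSA SHA256:CONSTRUCTEDguess0003
May  1 14:05:09 host sshd[2111]: Failed password for root from 192.0.2.55 port 40101 ssh2
"""

# Hypothetical inventory: fingerprints of keys removed from authorized_keys
# (for example after a laptop theft) without being added to a revocation list.
RETIRED = {"SHA256:CONSTRUCTEDretired0001"}


def parse_failed(log_text):
    """Return (user, ip, key type, fingerprint) for each failed publickey line."""
    return [m.group("user", "ip", "ktype", "fp")
            for m in map(FAILED.search, log_text.splitlines()) if m]


def review(log_text, retired, min_keys=3):
    """Return (retired keys still being offered, sources offering many distinct keys)."""
    retired_hits, keys_by_ip = [], defaultdict(set)
    for user, ip, _ktype, fp in parse_failed(log_text):
        keys_by_ip[ip].add(fp)
        if fp in retired:
            retired_hits.append((user, ip, fp))
    many = {ip: len(fps) for ip, fps in keys_by_ip.items() if len(fps) >= min_keys}
    return retired_hits, many


if __name__ == "__main__":
    hits, many = review(SAMPLE_LOG, RETIRED)
    for user, ip, fp in hits:
        print(f"retired key {fp} offered for {user} from {ip}")
    for ip, count in many.items():
        print(f"{ip} offered {count} distinct keys")
```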



