On Fri, 2 May 2014, TheGezer wrote:

> yeah i know, but with increasing bandwidth online, and more and more
> folks using vps with just a public key a silent distributed attack could
> go on for a couple of years without anything more than just lots of
> mysterious connection attempts in the logs

If you think that such an attack might only take "years" then you
haven't done the math.

> also consider internal breach attempts sitting inside the perimeter
>
> and consider that if most people lose their client public key through
> theft or other they would typically just delete the authkey on the
> server rather than put it in revoked keys so logging bad attempts would
> catch these guys too
>
> personally, i'm going to patch my sources to have bad attempts logged at
> a lower loglevel

... or you could make a one line config change.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev