On 05/02/2014 09:23 AM, Damien Miller wrote:
> On Fri, 2 May 2014, TheGezer wrote:
>
>> yeah i know, but with increasing bandwidth online, and more and more
>> folks using vps with just a public key a silent distributed attack could
>> go on for a couple of years without anything more than just lots of
>> mysterious connection attempts in the logs
> If you think that such an attack might only take "years" then you
> haven't done the math.

i hear you, i really do, but [1] there is more than one way [2] to skin a
cat, and it's a shame to have others' issues (in these two cases bad random
number generators) go unseen due to insufficient logs -- verbose logging
tends only to be turned on for troubleshooting reasons.

[1] http://taint.org/2008/05/16/165301a.html
[2] http://www.darkreading.com/vulnerabilities-and-threats/cryptographers-discover-public-key-infrastructure-flaw/d/d-id/1102851?

>
>> also consider internal breach attempts sitting inside the perimeter
>>
>> and consider that if most people lose their client public key through
>> theft or other they would typically just delete the authkey on the
>> server rather than put it in revoked keys so logging bad attempts would
>> catch these guys too
>>
>> personally, i'm going to patch my sources to have bad attempts logged at
>> a lower loglevel
> ... or you could make a one line config change.

yeah true. over many systems i'm wondering which would be the easier to do,
but that's a separate issue

>
> -d

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
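An added example, not part of the thread or of OpenSSH itself, showing the detection side of the discussion: a small Python script that parses sshd messages of the kind emitted once `LogLevel VERBOSE` is set in sshd_config (the one-line config change) and flags accounts whose keys are being probed from many distinct source addresses, the "silent distributed" pattern described above. The log lines, addresses and fingerprints are constructed samples, the syslog prefix is assumed already stripped, and the `min_sources` threshold is an illustrative choice.

```python
import re
from collections import defaultdict

# Regex for the per-key line sshd logs at LogLevel VERBOSE.  The syslog
# prefix (timestamp, host, "sshd[pid]:") is assumed already stripped.
PUBKEY_RE = re.compile(
    r"^(?P<result>Failed|Accepted) publickey for (?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+) ssh2: (?P<keytype>\S+) (?P<fp>\S+)$"
)

# Constructed sample: three different addresses each offer a rejected key
# for root; alice fails once from her own address, then succeeds.  The
# "Connection closed" line is the only thing the default level would show.
SAMPLE_LOG = """\
Failed publickey for root from 203.0.113.10 port 40122 ssh2: RSA SHA256:c0nstructedA
Connection closed by 203.0.113.10 [preauth]
Failed publickey for root from 203.0.113.11 port 40123 ssh2: RSA SHA256:c0nstructedB
Failed publickey for root from 203.0.113.12 port 40124 ssh2: RSA SHA256:c0nstructedC
Failed publickey for alice from 198.51.100.7 port 51000 ssh2: RSA SHA256:c0nstructedD
Accepted publickey for alice from 198.51.100.7 port 51001 ssh2: RSA SHA256:c0nstructedE
"""


def parse_publickey_events(log_text):
    """Return one dict per public key auth line; unrelated lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = PUBKEY_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def distributed_key_probes(events, min_sources=3):
    """Map each user to the set of source addresses that offered a rejected
    key for it, keeping only users probed from at least min_sources addresses.
    A single user hit from many hosts is the low-and-slow pattern that a
    default-level log (only "Connection closed") would not reveal."""
    sources = defaultdict(set)
    for ev in events:
        if ev["result"] == "Failed":
            sources[ev["user"]].add(ev["src"])
    return {user: srcs for user, srcs in sources.items() if len(srcs) >= min_sources}


if __name__ == "__main__":
    for user, srcs in distributed_key_probes(parse_publickey_events(SAMPLE_LOG)).items():
        print(f"{user}: rejected key offers from {len(srcs)} sources: {sorted(srcs)}")
```

In production the threshold and window would be tuned per site; the point is that the signal only exists at all when rejected key offers are logged.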