Hello everyone,
It seems that the login failures reported by the security output of a nightly
periodic job have become somewhat useless per OpenSSH 6.1.
I used to get username and IP address in the output but it seems that the
logging format has changed. Instead of one line the log format now has two
lines. One like the ones below and then another coinciding line that contains IP
address and username.
I think it would be more beneficial to output the lines with the IP and
username over the ones below for the security output.
Not sure exactly when this changed but would like to gather some input before I
inspect further on the changes that would have to be made.
My output is from SVN FreeBSD STABLE 8.3 as of yesterday.
Thanks & Clean Regards,
...Sample output...
login failures:
May 4 00:04:35 disbatch sshd[48898]: fatal: Write failed: Operation not permitted
May 4 14:54:14 disbatch sshd[9544]: input_userauth_request: invalid user root [preauth]
May 4 18:44:04 disbatch sshd[18326]: fatal: Read from socket failed: Connection reset by peer [preauth]
--
Jason Hellenthal
JJH48-ARIN
-(2^(N-1))
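
One way to report the lines that carry username and address, as an added example that is not part of the original message and not FreeBSD's periodic script. It assumes the companion lines are sshd's "Invalid user ... from ..." and "Failed password for ... from ..." messages; the function names, sample lines and 192.0.2.x addresses are constructed.

```shell
#!/bin/sh
# Added example: report sshd login failures with user and source address,
# and drop the [preauth] duplicate that shares a PID with a reported line.

# Constructed sample in syslog format (192.0.2.0/24 is a documentation range).
sample_log() {
cat <<'EOF'
May  4 14:54:14 disbatch sshd[9544]: Invalid user root from 192.0.2.10
May  4 14:54:14 disbatch sshd[9544]: input_userauth_request: invalid user root [preauth]
May  4 18:44:04 disbatch sshd[18326]: fatal: Read from socket failed: Connection reset by peer [preauth]
May  4 19:02:51 disbatch sshd[20111]: Failed password for admin from 192.0.2.77 port 51122 ssh2
EOF
}

# Reads syslog lines on stdin, prints one line per attributable failure.
# Assumption: the "Invalid user" line is logged before its [preauth] twin.
summarize_failures() {
    awk '
    # Field following the first (last=0) or last (last=1) occurrence of word.
    # The address is taken after the LAST "from", since the username is
    # remote-controlled and could itself be "from".
    function after(word, last,   i, hit) {
        for (i = 6; i < NF; i++)
            if ($i == word) { hit = $(i + 1); if (!last) break }
        return hit
    }
    $5 !~ /^sshd\[[0-9]+\]:$/ { next }
    { pid = $5; gsub(/[^0-9]/, "", pid); user = ""; ip = "" }
    $6 == "Invalid" && $7 == "user" {
        user = after("user", 0); ip = after("from", 1)
    }
    $6 == "Failed" && $8 == "for" {
        user = ($9 == "invalid") ? after("user", 0) : after("for", 0)
        ip = after("from", 1)
    }
    # Lone [preauth] line with no companion seen: keep it, address unknown.
    $6 == "input_userauth_request:" && !(pid in seen) {
        user = after("user", 0); ip = "unknown"
    }
    user != "" {
        seen[pid] = 1
        printf "%s %s %s pid=%s user=%s ip=%s\n", $1, $2, $3, pid, user, ip
    }'
}

sample_log | summarize_failures
```

Lines such as the "fatal: Read from socket failed" entry carry neither a username nor an address, so they are left out of this summary.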