bugzilla-daemon at bugzilla.mindrot.org
2008-May-22 08:26 UTC
[Bug 1468] New: sshd does not log failed attempts using key-based authentication only
https://bugzilla.mindrot.org/show_bug.cgi?id=1468 Summary: sshd does not log failed attempts using key-based authentication only Classification: Unclassified Product: Portable OpenSSH Version: 5.0p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: advax at triumf.ca When testing the Debian SSH exploit against SSH-2.0-OpenSSH_4.1p1-hpn I noticed that sshd did not log key failures, only password failures. I just built SSH-2.0-OpenSSH_5.0 on Fedora Core 4 with no configure options (./configure; make) and again there is no logging $ ./ssh -p 8022 -o PasswordAuthentication=no -i badkey localhost Permission denied (publickey,password). - no log entry $ ./ssh -p 8022 -o PasswordAuthentication=no -i goodkey localhost - login successful - syslog entry: sshd[6987]: Accepted publickey for andrew from 127.0.0.1 port 39492 ssh2 The Debian exploit tries an average of 32,000 keys with no evidence in syslog apart from an entry on success. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2008-May-22 17:31 UTC
[Bug 1468] sshd does not log failed attempts using key-based authentication only
https://bugzilla.mindrot.org/show_bug.cgi?id=1468 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID CC| |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> 2008-05-23 03:31:42 --- Setting Loglevel=verbose in sshd_config will show failed pubkey authentication attempts. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2008-May-22 18:08 UTC
[Bug 1468] sshd does not log failed attempts using key-based authentication only
https://bugzilla.mindrot.org/show_bug.cgi?id=1468 --- Comment #2 from Andrew Daviel <advax at triumf.ca> 2008-05-23 04:08:53 --- Thank you; that works. However, this setting is not the default and the manpage (sshd_config.5) does not document this feature. With "Loglevel=verbose" : SSH-2.0-OpenSSH_5.0 sshd[28336]: Connection from 127.0.0.1 port 35709 sshd[28336]: Failed none for andrew from 127.0.0.1 port 35709 ssh2 sshd[28336]: Failed publickey for andrew from 127.0.0.1 port 35709 ssh2 This is acceptable Older versions do not give as much detail SSH-2.0-OpenSSH_4.2 sshd[3927]: Connection from a.b.c.d port 48465 sshd[26716]: Failed none for andrew from a.b.c.d port 53023 ssh2 SSH-1.99-OpenSSH_3.5p1 sshd[3927]: Connection from a.b.c.d port 48465 -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2008-Jul-22 02:24 UTC
[Bug 1468] sshd does not log failed attempts using key-based authentication only
https://bugzilla.mindrot.org/show_bug.cgi?id=1468 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #3 from Damien Miller <djm at mindrot.org> 2008-07-22 12:24:40 --- Mass update RESOLVED->CLOSED after release of openssh-5.1 -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Feb-17 17:28 UTC
[Bug 1468] sshd does not log failed attempts using key-based authentication only
https://bugzilla.mindrot.org/show_bug.cgi?id=1468 haeckse at gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |haeckse at gmail.com Version|5.0p1 |5.3p1 Status|CLOSED |REOPENED Resolution|INVALID | --- Comment #4 from haeckse at gmail.com 2010-02-18 04:28:26 EST --- In version 5.3p1 (and 5.1p1) neither setting the loglevel to verbose nor debug results in a log-message warning of failed publickey attempts. The loglevel info shows nothing at all. Loglevel verbose only shows this: Connection from 127.0.0.1 port 48464 -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Feb-18 18:40 UTC
[Bug 1468] sshd does not log failed attempts using key-based authentication only
https://bugzilla.mindrot.org/show_bug.cgi?id=1468 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED --- Comment #5 from Damien Miller <djm at mindrot.org> 2010-02-19 05:40:46 EST --- It does work, but you probably don't have your syslogd listening in the right place: /var/empty/dev/log (might be different depending on what you set --with-privsep-path to when you were building sshd). -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Apr-16 05:50 UTC
[Bug 1468] sshd does not log failed attempts using key-based authentication only
https://bugzilla.mindrot.org/show_bug.cgi?id=1468 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #6 from Damien Miller <djm at mindrot.org> 2010-04-16 15:50:14 EST --- Mass move of bugs RESOLVED->CLOSED following the release of openssh-5.5p1 -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
Apparently Analagous Threads
- [Bug 609] empty password accounts can login with random password
- [Bug 609] empty password accounts can login with random password
- Protocol negotiation issue in rsync
- [Bug 1468] New: [netdev] dropping ether type vlan frames drops ICMPv6 type 134
- Dual boot with Windows 8.1, UEFI