Hello ml, i've set up a ssh server with public-key authentication. But soon i realized that wrong pubkey authentications are not shown in the logs. So i wrote a small patch for monitor.c included as attachement. patch against 3.8.1p1 $ patch -p0 < /path/to/keyauth-loggin.patch Kindly regards, Jan Gehring
Hm,
the attachement was cut ...
-----8<-----8<-------8<-------
*** monitor.c.orig 2004-07-14 17:26:44.329962192 +0200
--- monitor.c 2004-07-14 17:27:06.511590072 +0200
***************
*** 990,995 ****
--- 990,999 ----
debug3("%s: key %p is %s",
__func__, key, allowed ? "allowed" : "disallowed");
+ if(! allowed) {
+ logit("Illegal user %.100s from %.100s",
authctxt->user,get_remote_ipaddr());
+ }
+
buffer_clear(m);
buffer_put_int(m, allowed);
buffer_put_int(m, forced_command != NULL);
-----8<-----8<-------8<-------
> patch against 3.8.1p1
> $ patch -p0 < /path/to/keyauth-loggin.patch
>
>
> Kindly regards,
>
> Jan Gehring
>
>
Darren Tucker <dtucker at zip.com.au> wrote:> Jan Gehring wrote: > > + if(! allowed) { > > + logit("Illegal user %.100s from %.100s",authctxt->user,get_remote_ipaddr());> > "Illegal user" has a different meaning to "this particular > authentication failed". > > Anyway, this wouldn't this be logged in auth.c:auth_log() (subject to > the thresholds in there) ?Well, you're right. Seems i have overlooked this function. Imho, it should have been logged. Best regards, Jan Gehring
Jan Gehring wrote:> + logit("Illegal user %.100s from %.100s", authctxt->user,get_remote_ipaddr());Under what government is this illegal? I would like to avoid such a police state. :-) I think you mean "invalid" here, not "illegal". s/Illegal/Invalid/g Bob