Hello All,

We have a sensitive network where users authenticate through SSH. We support multiple authentications with respect to their groups. As a security concern we continue to monitor failed or bad login attempts of every user using the lastb command, but SSH never logs the bad login attempts of the user like telnet does. We would like to have this feature on SSH for every supported authentication, including key-based authentication like public key and host-based authentications. We have a patch that logs bad login attempts through password-based authentication, but we would like to have it for key-based authentication also.

Kindly shed some light on this issue. We are using OpenSSH 3.9 on HP-UX 11.11 and HP-UX 11.23 servers.

Advance thanks for all your help.

Michael
Michael Selvesteen wrote:
> Hello All,
>
> We have a sensitive network where users authenticate through SSH. We
> support multiple authentications with respect to their groups. As
> a security concern we continue to monitor failed or bad login attempts
> of every user using the lastb command, but SSH never logs the bad login
> attempts of the user like telnet does. We would like to have this
> feature on SSH for every supported authentication, including key-based
> authentication like public key and host-based authentications.

"LogLevel verbose" in sshd_config should do what you want.

-d
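An added example, not part of the thread and not OpenSSH code: once sshd logs at the verbose level suggested above, a small parser over its syslog output can report failed attempts per method, much as lastb does from btmp. The log lines and host name are constructed, the syslog prefix is an assumption that varies by platform, and both the "invalid user" and "illegal user" spellings are accepted.

```python
import re
from collections import Counter

# Constructed sample lines, not from the thread. The message body follows
# sshd's "Failed <method> for [invalid user ]<user> from <addr> port <n> ssh2"
# auth-result format; the syslog prefix is an assumption and varies by platform.
SAMPLE_LOG = """\
Jan 13 10:01:02 hpux1 sshd[2101]: Failed publickey for alice from 192.0.2.10 port 40112 ssh2
Jan 13 10:01:05 hpux1 sshd[2101]: Failed password for alice from 192.0.2.10 port 40112 ssh2
Jan 13 10:01:09 hpux1 sshd[2101]: Accepted password for alice from 192.0.2.10 port 40112 ssh2
Jan 13 10:02:30 hpux1 sshd[2144]: Failed hostbased for bob from 192.0.2.20 port 51515 ssh2
Jan 13 10:03:11 hpux1 sshd[2150]: Failed password for invalid user oracle from 198.51.100.7 port 33900 ssh2
Jan 13 10:03:14 hpux1 sshd[2150]: Failed password for illegal user x from 10.0.0.1 port 1 from 198.51.100.7 port 33901 ssh2
Jan 13 10:04:00 hpux1 sshd[2160]: Connection from 192.0.2.30 port 40200
"""

# The user name is chosen by the remote client, so match it greedily and anchor
# the address at the end of the line: text such as " from 10.0.0.1 port 1"
# embedded in a user name must not be reported as the source address.
# The optional ": ..." tail covers key details appended by newer releases.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>\S+) for "
    r"(?P<unknown>(?:invalid|illegal) user )?(?P<user>.*) "
    r"from (?P<addr>\S+) port (?P<port>\d+)(?: ssh2)?(?:: .*)?$"
)

def failed_logins(text):
    """Return one dict per failed authentication attempt found in text."""
    events = []
    for line in text.splitlines():
        m = FAILED.search(line)
        if m:
            events.append({
                "user": m.group("user"),
                "known_user": m.group("unknown") is None,
                "method": m.group("method"),
                "addr": m.group("addr"),
            })
    return events

def summarize(events):
    """Count failures per (source address, method), most frequent first."""
    return Counter((e["addr"], e["method"]) for e in events).most_common()

if __name__ == "__main__":
    for e in failed_logins(SAMPLE_LOG):
        print(e)
```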
Martin Schröder
2005-Jan-13 11:05 UTC
logging hostnames (was: Need OpenSSH to logs users bad login attempts)
On 2005-01-13 21:36:51 +1100, Damien Miller wrote:
> "LogLevel verbose" in sshd_config should do what you want.

BTW: Is it possible to add a hostname to the logged ip-address (maybe even with automatic reverse-lookup) if UseDNS is set?

Best regards
Martin
--
Martin Schröder, ms at artcom-gmbh.de
ArtCom GmbH, Lise-Meitner-Str 5, 28359 Bremen, Germany
Voice +49 421 20419-44 / Fax +49 421 20419-10
http://www.artcom-gmbh.de
Thanks Damien for your comments,

We use a program that depends on /var/adm/btmp(s) to monitor bad logins. But SSH is not updating this file after a bad login attempt. We seriously require the functionality. As I mentioned before, we have a patch that makes SSH do this, but it fails to log bad attempts of key-based authentication.

Our program is similar to the lastb command in HP-UX, which returns bad login attempts. But lastb too fails to list bad login attempts by the SSH users.

Thanks for your help,
-- Michael

On Thu, 13 Jan 2005 21:36:51 +1100, Damien Miller <djm at mindrot.org> wrote:
> Michael Selvesteen wrote:
> > Hello All,
> >
> > We have a sensitive network where users authenticate through SSH. We
> > support multiple authentications with respect to their groups. As
> > a security concern we continue to monitor failed or bad login attempts
> > of every user using the lastb command, but SSH never logs the bad login
> > attempts of the user like telnet does. We would like to have this
> > feature on SSH for every supported authentication, including key-based
> > authentication like public key and host-based authentications.
>
> "LogLevel verbose" in sshd_config should do what you want.
>
> -d
>