Christoph Anton Mitterer
2011-May-08 22:15 UTC
[Secure-testing-team] Bug#626112: openssh-server: ssh doesn't log some failed authentications to auth.log anymore
Package: openssh-server
Version: 1:5.8p1-4
Severity: grave
Tags: security
Justification: user security hole

Hi.

For *some* failed connections ssh seems to put no logging into auth.log anymore.
This can be quite security relevant when using e.g. fail2ban which relies on this.

Only some (types?) of connections seem to be affected, as I still see few IPs that get banned by fail2ban.
But when I e.g. go to another host of mine, and try repeatedly to log in, they don't get banned (as nothing appears in the logs).
I tried both, hosts where a ~/.ssh/id_rsa* was in place and not.

Attached is my sshd's configuration.
Please ask for more information if you need any.

Cheers,
Chris.

-- debconf information:
  ssh/vulnerable_host_keys:
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/disable_cr_auth: false
  ssh/encrypted_host_key_but_no_keygen:
-------------- next part --------------
ListenAddress lo.localhost
ListenAddress lo.ip6-localhost
ListenAddress localhost.localhost
ListenAddress eth0.localhost
#ListenAddress eth0.ip6-localhost
AllowUsers root
#PermitRootLogin no
ChallengeResponseAuthentication no
PasswordAuthentication no
RSAAuthentication no
Protocol 2
Ciphers aes256-cbc,aes192-cbc,aes128-cbc,aes256-ctr,aes192-ctr,aes128-ctr,blowfish-cbc
MACs hmac-sha1,hmac-ripemd160
ClientAliveInterval 30
TCPKeepAlive no
AcceptEnv LANG LC_*
X11Forwarding yes
Subsystem sftp /usr/lib/openssh/sftp-server