https://bugs.contribs.org/show_bug.cgi?id=10807

--- Comment #3 from Jean-Philippe Pialasse <[email protected]> ---
(In reply to mab974 from comment #2)
> (In reply to Jean-Philippe Pialasse from comment #1)
> > command might need update from
> > 
> >       CMD3=' | grep "Failed password" | sed -e "s/^.*from //" -e "s/
> > port.*$//" >> $RESFILE'
> > 
> > 
> > to
> > 
> > CMD3=' | grep -E "(Failed password|Invalid user \w+ from)" | sed -e
> > "s/^.*from //" -e "s/ port.*$//" >> $RESFILE'
> 
> Cases will be counted several times. Here's what I get from ONE access error
> :
> 
> @400000005d8633bc0365e944 Invalid user zotto from 192.168.0.11
> @400000005d8633bc045ea50c input_userauth_request: invalid user zotto
> @400000005d8633c0089c5e5c Failed password for invalid user zotto from
> 192.168.0.11 port 43070 ssh2
> @400000005d8633c008af424c Disconnecting: Too many authentication failures
> for zotto


I do not see any "Failed password" in any of my sshd logs on 5 different servers
with thousands of invalid user failures. So the Invalid user needs to be
implemented.

On the fact that you can get a double count:
those are 2 errors for two reasons: one, the user does not exist; the other, the
password failed. There are other ways to fail auth, particularly if password is
disabled, which is the SME Server default:
# config getprop sshd  PasswordAuthentication 
no

In this case we get
Disconnecting: Too many authentication failures for nicolas

but this gives no IP and hence is not useful.
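
An added example (not part of the comment above and not the contrib's own code): it runs the pattern proposed in comment #1 over the log lines quoted in comment #2 to show the double count, next to one way to count each attempt once by skipping `Failed password for invalid user` lines. It assumes sshd always logs an `Invalid user ... from` line before those, as in the quoted sample; the function names and the `root` log line are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the four lines quoted in comment #2 (unwrapped to one
# line each) plus one constructed failure for an existing account.
sample_log() {
cat <<'EOF'
@400000005d8633bc0365e944 Invalid user zotto from 192.168.0.11
@400000005d8633bc045ea50c input_userauth_request: invalid user zotto
@400000005d8633c0089c5e5c Failed password for invalid user zotto from 192.168.0.11 port 43070 ssh2
@400000005d8633c008af424c Disconnecting: Too many authentication failures for zotto
@400000005d8633d0000000aa Failed password for root from 192.168.0.12 port 50022 ssh2
EOF
}

# Turn extracted addresses into "ip count" lines.
tally() {
    sort | uniq -c | awk '{print $2, $1}'
}

# Pattern proposed in comment #1: an unknown user that also fails a
# password is matched by both alternatives and counted twice.
count_proposed() {
    grep -E "(Failed password|Invalid user \w+ from)" \
      | sed -e "s/^.*from //" -e "s/ port.*$//" \
      | tally
}

# Count each attempt once: "Invalid user X from IP" covers unknown users
# (including hosts with PasswordAuthentication no), "Failed password for"
# is kept only for existing accounts.
# Assumption: the "Invalid user" line always precedes the
# "Failed password for invalid user" line, so dropping the latter loses nothing.
count_once() {
    grep -E "(Invalid user [^ ]+ from |Failed password for )" \
      | grep -v "Failed password for invalid user " \
      | sed -e "s/^.*from //" -e "s/ port.*$//" \
      | tally
}

echo "proposed pattern:"; sample_log | count_proposed
echo "counted once:";     sample_log | count_once
```

The greedy `s/^.*from //` keeps only the text after the last `from` on the line, so a user name that itself contains `from` does not change the extracted address.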
