hmm.. > I have LogLevel INFO possibly you have VERBOSE? I think that INFO is the > default on a Debian install? I do have INFO too # Logging SyslogFacility AUTH LogLevel INFO
I think I figured out the difference...
Check out what you have for options (I believe these are default values
on debian systems)
ChallengeResponseAuthentication no
PasswordAuthentication yes
in such configuration it behaves how I reported - so if there is illegal
user trying to login - there will be a second line immediately
following... if you use ChallengeResponseAuthentication then if the
attacker doesn't really enter a password (may be just using recent
vulnerability to decide if it is an existing account) - then there is no
2nd line reported...
--
.-.
=------------------------------ /v\ ----------------------------=
Keep in touch // \\ (yoh@|www.)onerussian.com
Yaroslav Halchenko /( )\ ICQ#: 60653192
Linux User ^^-^^ [175555]
pgpyxurNmN8IN.pgp
Description: PGP signature
