Your message dated Tue, 6 Sep 2011 10:32:42 +0100
with message-id <[email protected]>
and subject line Re: Bug#450655: ssh: Insuficient logging when user isn't on 
the allowed group
has caused the Debian Bug report #450655,
regarding ssh: Insuficient logging when user isn't on the allowed group
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
450655: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=450655
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ssh
Version: 1:3.8.1p1-8.sarge.6
Severity: normal

When ssh server is configured to only allow a certain group of users to
login:
        AllowGroups     ssh
any user trying to login will be logged with insufficient information:
        Nov  8 13:31:09 lobo sshd[31794]: User root not allowed because none of user's groups are listed in AllowGroups
        Nov  8 13:31:13 lobo sshd[31796]: User root not allowed because none of user's groups are listed in AllowGroups
        Nov  8 13:31:17 lobo sshd[31798]: User root not allowed because none of user's groups are listed in AllowGroups
        Nov  8 13:31:21 lobo sshd[31800]: User root not allowed because none of user's groups are listed in AllowGroups
This is a problem if you're using a tool such as fail2ban, which can't
extract the IP address to ban it from accessing the ssh service. To fix
this, I had to switch the ssh server log level to VERBOSE:
        SyslogFacility AUTH
        LogLevel VERBOSE
Now I get something usable:
        Nov  8 14:09:51 lobo sshd[1185]: Connection from xx.xxx.xxx.xxx port 54850
        Nov  8 14:10:03 lobo sshd[1185]: User root not allowed because none of user's groups are listed in AllowGroups
        Nov  8 14:10:29 lobo sshd[1189]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxxxxxxxxxxxxxxxxxx.com user=root
        Nov  8 14:10:31 lobo sshd[1185]: error: PAM: Authentication failure for illegal user root from xxxxxxxxxxxxxxxxxxx.com
        Nov  8 14:10:31 lobo sshd[1185]: Failed keyboard-interactive/pam for illegal user root from xx.xxx.xxx.xxx port 54850 ssh2
I'm attaching the sshd_config just in case
        Port 22
        Protocol 2
        HostKey /etc/ssh/ssh_host_rsa_key
        HostKey /etc/ssh/ssh_host_dsa_key
        UsePrivilegeSeparation yes
        KeyRegenerationInterval 3600
        ServerKeyBits 768
        SyslogFacility AUTH
        LogLevel VERBOSE
        LoginGraceTime 600
        PermitRootLogin no
        StrictModes yes
        RSAAuthentication yes
        PubkeyAuthentication yes
        IgnoreRhosts yes
        RhostsRSAAuthentication no
        HostbasedAuthentication no
        PermitEmptyPasswords no
        PasswordAuthentication no
        X11Forwarding no
        X11DisplayOffset 10
        PrintMotd no
        PrintLastLog yes
        KeepAlive yes
        Subsystem       sftp    /usr/lib/sftp-server
        AllowGroups     ssh
        UsePAM yes

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-386
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages ssh depends on:
ii  adduser               3.63               Add and remove users and groups
ii  debconf               1.4.30.13          Debian configuration management sy
ii  dpkg                  1.10.28            Package maintenance system for Deb
ii  libc6                 2.3.2.ds1-22sarge6 GNU C Library: Shared libraries an
ii  libpam-modules        0.76-22            Pluggable Authentication Modules f
ii  libpam-runtime        0.76-22            Runtime support for the PAM librar
ii  libpam0g              0.76-22            Pluggable Authentication Modules l
ii  libssl0.9.7           0.9.7e-3sarge5     SSL shared libraries
ii  libwrap0              7.6.dbs-8          Wietse Venema's TCP wrappers libra
ii  zlib1g                1:1.2.2-4.sarge.2  compression library - runtime

-- debconf information:
  ssh/insecure_rshd:
  ssh/ssh2_keys_merged:
  ssh/user_environment_tell:
* ssh/forward_warning:
  ssh/insecure_telnetd:
  ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/protocol2_only: true
  ssh/encrypted_host_key_but_no_keygen:
* ssh/run_sshd: true
* ssh/SUID_client: true
  ssh/disable_cr_auth: false



--- End Message ---
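
The workaround in the report only helps a log watcher if the "Connection from" line and the later AllowGroups denial are joined on the sshd PID. The sketch below is an added example, not code from the report, OpenSSH or fail2ban; the function names and sample addresses are constructed, and the optional " from <host>" form of the denial line is an assumed wording for releases that log the source directly.

```python
import re
from collections import Counter

# Constructed sample in the log format shown in the report (documentation-range IPs).
SAMPLE_LOG = """\
Nov  8 14:09:51 lobo sshd[1185]: Connection from 203.0.113.7 port 54850
Nov  8 14:10:03 lobo sshd[1185]: User root not allowed because none of user's groups are listed in AllowGroups
Nov  8 14:10:05 lobo sshd[1190]: Connection from 198.51.100.23 port 40112
Nov  8 14:10:06 lobo sshd[1190]: User admin not allowed because none of user's groups are listed in AllowGroups
Nov  8 14:10:09 lobo sshd[1192]: Connection from 203.0.113.7 port 54851
Nov  8 14:10:10 lobo sshd[1192]: User root not allowed because none of user's groups are listed in AllowGroups
Nov  8 14:10:12 lobo sshd[1199]: User test not allowed because none of user's groups are listed in AllowGroups
Nov  8 14:10:15 lobo sshd[1201]: User guest from 192.0.2.44 not allowed because none of user's groups are listed in AllowGroups
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT = re.compile(r"^Connection from (?P<src>\S+) port \d+")
# The " from <host>" part is optional: absent in the reported version,
# assumed present where sshd logs the source itself.
DENIED = re.compile(
    r"^User (?P<user>\S+)(?: from (?P<src>\S+))? not allowed because "
    r"none of user's groups are listed in AllowGroups$"
)

def denied_sources(log_text):
    """Return (user, source) per AllowGroups denial; source is None if unknown."""
    src_by_pid = {}  # latest "Connection from" per sshd PID (overwritten on PID reuse)
    results = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        c = CONNECT.match(msg)
        if c:
            src_by_pid[pid] = c["src"]
            continue
        d = DENIED.match(msg)
        if d:
            # Prefer the source on the denial line; else fall back to the PID join.
            results.append((d["user"], d["src"] or src_by_pid.get(pid)))
    return results

def offenders(log_text, threshold=2):
    """Sources with at least `threshold` AllowGroups denials."""
    counts = Counter(src for _, src in denied_sources(log_text) if src)
    return {src for src, n in counts.items() if n >= threshold}
```

A denial with no preceding "Connection from" line for its PID (PID 1199 in the sample) comes back with `None` as its source, which is the situation the report describes at the default log level.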
--- Begin Message ---
Source: openssh
Source-Version: 1:4.0p1-1

On Thu, Nov 08, 2007 at 03:32:30PM -0500, Aristeu Rozanski wrote:
> Package: ssh
> Version: 1:3.8.1p1-8.sarge.6
> Severity: normal
> 
> When ssh server is configured to only allow a certain group of users to
> login:
>       AllowGroups     ssh
> any user trying to login will be logged with insufficient information:
>       Nov  8 13:31:09 lobo sshd[31794]: User root not allowed because none of user's groups are listed in AllowGroups

This was fixed some years ago in OpenSSH 4.0:

revision 1.3622
date: 2005/01/24 10:56:48;  author: dtucker;  state: Exp;  lines: +5 -1
   - [email protected] 2005/01/22 08:17:59
     [auth.c]
     Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and
     DenyGroups.  bz #909, ok djm@

See https://bugzilla.mindrot.org/show_bug.cgi?id=909.

Thanks,

-- 
Colin Watson                                       [[email protected]]


--- End Message ---