Re: [Denyhosts-user] help on log

Tue, 31 Jul 2007 01:00:38 -0700 

Dear Nil,

     I have tried it up but whenever I used wrong key it doesn't show any log 
in server. With right key authentication and phrases I am able to get log of 
acceptance in auth.log.  Again with password authentication it is working fine.
So, could you tell me where will be the location of the failure of public key 
authentication method.

    And one more question  can we use denyhosts for ftp attacks as well as sshd 
attacks simultaneously. could anyone tell me what will be the parameter i have 
to set in 
SECURE_LOG =

      I will be expecting some light. Thanking you

Regards,
John








"Nils Breunese (Lemonbit)" <[EMAIL PROTECTED]> wrote: Hello John,

>          Thanks for replying.  I was wondering where I can find the  
> log of failure attempted with public key authentication. I  am  
> using freebsd but i found only success attempt of public key  
> authentication in auth.log . Could you help me how to get failure  
> attempt in this case so that denyhost will work properly.
>
>
>         I would be very thankful for your help. Looking forward to  
> hear from you soon.

I'm sorry, small miscoomunication. I only block hosts that fail 5  
normal password auth logins (password auth is not even enabled on our  
servers). I don't think we block hosts that attempt public key auth,  
but then again I also think that no zombie network is trying brute  
force public key auth. :o)

We're also not using DenyHosts at the moment, but Fail2Ban. Very  
similar program actually.

You could try doing some failed public key auth attempts, see what  
that gets you in your logs and see if you can write a regular  
expression for it if it's not already in there. The list might be  
able to help you out.

Good luck,

Nils Breunese.




       
---------------------------------
Pinpoint customers who are looking for what you sell. 
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user

Reply via email to