On Thu, Jul 08, 2010 at 07:42:15PM -0400, Glen Barber wrote:
> ...
> What caught my interest is if I attempt to log in from a machine where I
> do not have my key or an incorrect key, I see nothing logged in auth.log
> about a failed login attempt. If I attempt with an invalid username, as
> expected, I see 'Invalid user ${USER} from ${IP}.'
>
> I'm more concerned with ssh login failures with valid user names.
> Looking at crypto/openssh/auth.c, allowed_user() returns true if the
> user is not in DenyUsers or DenyGroups, exists in AllowUsers or
> AllowGroups (if it is not empty), and has an executable shell. I'm no C
> hacker, but superficially it looks like it can never meet a condition
> where the user is valid but the key is invalid to trigger a log entry.
>
> Is this a bug in openssh, or have I overlooked something in my
> configuration?

What I do is configure IPFW to log all attempted session-initiation
packets on 22/tcp, and correlate /var/log/auth.log & /var/log/security.
It's rather interesting to see how many entries show up in the latter
that have no corresponding entry in the former.

Peace,
david
-- 
David H. Wolfskill [email protected]
Depriving a girl or boy of an opportunity for education is evil.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.
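The correlation David describes, as an added example that is not part of the original thread: it counts logged 22/tcp session-initiation packets per source address in /var/log/security and reports the sources that never show up in /var/log/auth.log. The log lines are constructed samples, and the ipfw log format and the rule in the comment are assumptions based on FreeBSD's usual syntax, not taken from the thread.

```python
import re
from collections import defaultdict

# Assumed ipfw rule that produces the "security" lines below (example only):
#   ipfw add 100 allow log tcp from any to me dst-port 22 setup in
# Constructed sample lines, not real logs. Assumed ipfw log format:
# "ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> in via <if>".
SECURITY_LOG = """\
Jul  8 19:40:01 gw kernel: ipfw: 100 Accept TCP 203.0.113.5:51234 10.0.0.2:22 in via em0
Jul  8 19:41:13 gw kernel: ipfw: 100 Accept TCP 198.51.100.9:40022 10.0.0.2:22 in via em0
Jul  8 19:42:15 gw kernel: ipfw: 100 Accept TCP 192.0.2.77:33001 10.0.0.2:22 in via em0
Jul  8 19:42:16 gw kernel: ipfw: 100 Accept TCP 192.0.2.77:33002 10.0.0.2:22 in via em0
"""
AUTH_LOG = """\
Jul  8 19:40:03 gw sshd[1201]: Accepted publickey for david from 203.0.113.5 port 51234 ssh2
Jul  8 19:41:14 gw sshd[1210]: Invalid user admin from 198.51.100.9
"""

IPFW_RE = re.compile(r"ipfw: \d+ \w+ TCP (\d+\.\d+\.\d+\.\d+):\d+ \S+:22 in via")
SSHD_RE = re.compile(r"sshd\[\d+\]: .* from (\d+\.\d+\.\d+\.\d+)")


def count_syns(security_log):
    """Count logged session-initiation packets to 22/tcp per source IP."""
    counts = defaultdict(int)
    for line in security_log.splitlines():
        m = IPFW_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return dict(counts)


def sshd_sources(auth_log):
    """Source IPs that sshd logged at all (accepted, failed, or invalid user)."""
    seen = set()
    for line in auth_log.splitlines():
        m = SSHD_RE.search(line)
        if m:
            seen.add(m.group(1))
    return seen


def silent_sources(security_log, auth_log):
    """IPs that opened connections to 22/tcp but never appear in auth.log."""
    seen = sshd_sources(auth_log)
    return {ip: n for ip, n in count_syns(security_log).items() if ip not in seen}


if __name__ == "__main__":
    for ip, n in sorted(silent_sources(SECURITY_LOG, AUTH_LOG).items()):
        print(f"{ip}: {n} connection(s) to 22/tcp with no sshd entry in auth.log")
```

The silent sources are exactly the gap the quoted message worried about: connections that reached sshd but left no auth.log trace, such as a valid user presenting a wrong or missing key.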
