On 04/21/2014 08:02 PM, thegeezer wrote: > Hi all, > i was looking up the gentoo wiki on fail2ban [1] to have it look at it's > own log file fail2ban.log in order to block repeat offenders for longer > as abuse@offender doesn't really seem to help these days. > > then i saw a warning saying fail2ban not blocking all requests which i > followed to github [2] wihch has a paste of his logfiles [3] > > now this i commented at github saying it looks similar to something i > discovered when trying to setup authkeys on ssh - namely invalid keys > give you no log file entry saying "invalid keys" > > can anyone tell me if they know how to make the log file entry show that > it was an invalid key? > i only know that it is this from my experience -- when i was using the wrong > key or auth keys file had wrong permission i had only similar entries in my > logs. > i did try to find the answer myself at that time but was unable to. > > thanks in advance! > > > > [1] http://wiki.gentoo.org/wiki/Fail2ban > [2] https://github.com/fail2ban/fail2ban/issues/643 > [3] http://bpaste.net/show/188261/ > > > > hey so i've been doing some digging and for openssh to log public key failures you have to set loglevel to minimum of VERBOSE please see my email to openssh mailing list. [4] is this something that could be implemented as a gentoo specific patch ? if so how would i go about requesting it ? i don't know about you all but i'm a little concerned that ssh is not logging bruteforce public keys, they might be harder to crack but if they are invisible in the logs then this could go on silently for a long time.
[4] http://marc.info/?l=openssh-unix-dev&m=139871423503774&w=3
