On 3/20/17, Darren Tucker wrote:
> On Sun, Mar 19, 2017 at 11:47 PM, Lars Noodén wrote:
>> Looking at a recent snapshot, see dmesg at the bottom, I have two
>> questions about OpenSSH logging.
>>
>> 1) The entry in sshd_config(5) for MaxAuthTries states the following
>> about log entries:
>>
>>              ...  Once the number of failures reaches half this
>>              value, additional failures are logged.  The default is 6.
>>
>> Yet the logging of failures seems to occur these days from the very first
>> try.
>> Has this behavior changed?
>
> No, but it's always logged password attempts regardless of whether or
> not you've got to MaxAuthTries/2:
>
> $ cvs annotate auth.c | grep -C2 max_auth
> Annotations for auth.c
> ***************
> 1.13         (markus   18-Jan-01):      if (authenticated == 1 ||
> 1.13         (markus   18-Jan-01):          !authctxt->valid ||
> 1.54         (dtucker  23-May-04):          authctxt->failures >= options.max_authtries / 2 ||
> 1.13         (markus   18-Jan-01):          strcmp(method, "password") == 0)
> 1.47         (itojun   08-Apr-03):              authlog = logit;

Would the following change help?

Regards,
Lars

Index: sshd_config.5
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v
retrieving revision 1.237
diff -u -p -u -p -r1.237 sshd_config.5
--- sshd_config.5       7 Oct 2016 14:41:52 -0000       1.237
+++ sshd_config.5       20 Mar 2017 06:10:07 -0000
@@ -1080,8 +1080,7 @@ and
 .It Cm MaxAuthTries
 Specifies the maximum number of authentication attempts permitted per
 connection.
-Once the number of failures reaches half this value,
-additional failures are logged.
+All failures are logged.
 The default is 6.
 .It Cm MaxSessions
 Specifies the maximum number of open shell, login or subsystem (e.g. sftp)
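Review bot: The added sentence "All failures are logged." in the MaxAuthTries entry is broader than the auth.c condition quoted earlier in this thread. That condition selects logit only when authentication succeeded, the user is not valid, failures have reached options.max_authtries / 2, or the method is "password". A failed attempt by a valid user with any other method, below the halfway point, does not meet it, so the new text would tell administrators to expect log entries that the quoted code does not show being written at that level. Consider keeping the threshold and naming the exceptions, for example: "Failed password attempts and attempts for invalid users are always logged; other failures are logged once their number reaches half this value."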
cvs server: Diffing lib
cvs server: Diffing moduli-gen
cvs server: Diffing scp
cvs server: Diffing sftp
cvs server: Diffing sftp-server
cvs server: Diffing ssh
cvs server: Diffing ssh-add
cvs server: Diffing ssh-agent
cvs server: Diffing ssh-keygen
cvs server: Diffing ssh-keyscan
cvs server: Diffing ssh-keysign
cvs server: Diffing ssh-pkcs11-helper
cvs server: Diffing sshd
