[Bug 304598] Re: OpenSSH does not log failed authentication attempts when PublicKey method is used
Hi, this seems to be the same bug as:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/501956

Regards, Don.

-- 
OpenSSH does not log failed authentication attempts when PublicKey method is used
https://bugs.launchpad.net/bugs/304598
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 501956] Re: OpenSSH does not log failed attempts when key authentication is used
To summarize:

    LogLevel INFO
    RSAAuthentication yes
    PubkeyAuthentication yes
    HostbasedAuthentication no
    ChallengeResponseAuthentication no
    PasswordAuthentication no
    AllowUsers lukeskywalker

[1] The decision to log the error is made in procedure auth_log in auth.c:

    /* Raise logging level */
    if (authenticated == 1 ||
        !authctxt->valid ||
        authctxt->failures >= options.max_authtries / 2 ||
        strcmp(method, "password") == 0)
            authlog = logit;

When the account exists but does not have a trusted pubkey on the server, the variables in the auth_log decision have the following values:

    authenticated ........... 0
    authctxt->valid ......... 1
    authctxt->failures ...... 0
    options.max_authtries ... 6
    method .................. publickey

Which translates to:

    if (0 == 1 || !1 || 0 >= 6 / 2 || 1 == 0)
        authlog = logit;

So authlog cannot escalate to the logit function (nothing in auth.log).

I suggest ADDING the following change between /* Raise logging level */ and the start of the if statement that immediately follows it:

    if (!authenticated && authctxt->valid && strcmp(method, "publickey") == 0)
        authlog = logit;

There seems to be an alternative train of thought from the 2005 portable bug associated with this report. I guess that was never implemented (please add comments if you know the history).

Regards, Don.
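The decision walked through in the message above, reproduced as an added stand-alone model (this is not OpenSSH's own code and not part of the bug report): the original condition from auth_log and the same condition with the proposed extra check in front of it, fed the values from the report. Function names and the scalar argument list are assumptions made for the example.

```c
/* Added example (not OpenSSH's own code): a stand-alone model of the
 * "Raise logging level" decision in auth_log(), to check the values walked
 * through above and the extra condition proposed for failed key attempts. */
#include <stdio.h>
#include <string.h>

/* Returns 1 when the failure message goes out at INFO (authlog = logit),
 * 0 when it stays at the default, lower level. Arguments mirror what the
 * real auth_log() reads from authctxt and options. */
int raise_level_original(int authenticated, int valid, int failures,
                         int max_authtries, const char *method)
{
    return authenticated == 1 ||
        !valid ||
        failures >= max_authtries / 2 ||
        strcmp(method, "password") == 0;
}

/* Same decision with the proposed extra condition evaluated first: a
 * failed publickey attempt against an existing account is always logged. */
int raise_level_proposed(int authenticated, int valid, int failures,
                         int max_authtries, const char *method)
{
    if (!authenticated && valid && strcmp(method, "publickey") == 0)
        return 1;
    return raise_level_original(authenticated, valid, failures,
                                max_authtries, method);
}

int main(void)
{
    /* Constructed case from the report: account exists (valid = 1), no
     * trusted key, first attempt, MaxAuthTries at its default of 6. */
    printf("original: %d\n", raise_level_original(0, 1, 0, 6, "publickey"));
    printf("proposed: %d\n", raise_level_proposed(0, 1, 0, 6, "publickey"));
    /* Third failure in the same session: the original rule logs it. */
    printf("3rd try:  %d\n", raise_level_original(0, 1, 3, 6, "publickey"));
    return 0;
}
```

With the original rule the first two failed key attempts against a real account stay silent; only the third (failures >= max_authtries / 2) reaches INFO, which is what the report observes.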
[Bug 501956] Re: OpenSSH does not log failed attempts when key authentication is used
auth_log in auth.c is not changing the error logging function from authlog to logit for this type of error (line 258). If you use sshd start -dd you will get the failed attempt clearly on the screen but NOT in auth.log.

NB. Setting LogLevel to VERBOSE does show the failed attempts quite well I think:

This account does not exist:

    Feb 16 00:17:18 nono sshd[18101]: Connection from 192.168.0.247 port 36732
    Feb 16 00:17:19 nono sshd[18101]: Invalid user r2 from 192.0.168.247

This account exists on the server but does not have a publickey:

    Feb 16 00:17:24 nono sshd[18103]: Connection from 192.168.0.247 port 36733
    Feb 16 00:17:24 nono sshd[18103]: Failed publickey for ob1 from 192.168.0.247 port 36733 ssh2

Also note that specifically denying users through the various allow/deny user/group methods in sshd_config has an effect on the error logged as well. However, I agree that the 2nd line of the two should be logged as INFO.

Will continue tomorrow...

Regards, Don.
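A small added example (not part of the report or of OpenSSH) that classifies the two VERBOSE-level sshd lines quoted above, so the failed key attempts that never reach auth.log at INFO can still be picked out and counted once LogLevel is raised. The enum and function names are assumptions; the sample lines are the ones from the message.

```c
/* Added example (not from the report or OpenSSH): classify the VERBOSE-level
 * sshd lines shown above so failed key attempts can be counted from auth.log. */
#include <stdio.h>
#include <string.h>

enum failure_kind { NOT_A_FAILURE = 0, INVALID_USER, FAILED_PUBKEY };

/* Classifies one syslog line; on a match copies user and source address
 * (up to 63 chars each) into the caller's 64-byte buffers. */
enum failure_kind classify_line(const char *line, char *user, char *addr)
{
    const char *p;
    user[0] = addr[0] = '\0';
    if ((p = strstr(line, "Invalid user ")) != NULL &&
        sscanf(p, "Invalid user %63s from %63s", user, addr) == 2)
        return INVALID_USER;
    if ((p = strstr(line, "Failed publickey for ")) != NULL &&
        sscanf(p, "Failed publickey for %63s from %63s", user, addr) == 2)
        return FAILED_PUBKEY;
    return NOT_A_FAILURE;
}

/* Counts lines of the given kind in an array of log lines. */
int count_failures(const char *const *lines, int n, enum failure_kind kind)
{
    char user[64], addr[64];
    int i, hits = 0;
    for (i = 0; i < n; i++)
        if (classify_line(lines[i], user, addr) == kind)
            hits++;
    return hits;
}

/* Constructed sample: the four lines quoted in the message above. */
static const char *const sample[] = {
    "Feb 16 00:17:18 nono sshd[18101]: Connection from 192.168.0.247 port 36732",
    "Feb 16 00:17:19 nono sshd[18101]: Invalid user r2 from 192.0.168.247",
    "Feb 16 00:17:24 nono sshd[18103]: Connection from 192.168.0.247 port 36733",
    "Feb 16 00:17:24 nono sshd[18103]: Failed publickey for ob1 from 192.168.0.247 port 36733 ssh2",
};

int main(void)
{
    int n = (int)(sizeof sample / sizeof sample[0]);
    printf("invalid users: %d, failed publickey: %d\n",
           count_failures(sample, n, INVALID_USER),
           count_failures(sample, n, FAILED_PUBKEY));
    return 0;
}
```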