Mailing List Archive

[Bug 974] Record Badlogins for all supported Authentication methods
http://bugzilla.mindrot.org/show_bug.cgi?id=974





------- Additional Comments From dtucker@zip.com.au 2005-02-03 17:14 -------
(In reply to comment #21)
> > + AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
>
> In HP-UX it is "/var/adm/btmp"

The line you quoted is from the Linux block. On HP-UX it picks up the BTMP_FILE
definition from the system headers (see defines.h). BTMP_FILE is defined on my
11.11 box, if it needs to be added for other versions just let me know which.

> > As to logging failures for the other auth types (pubkey, gssapi, hostbased),
> > I don't think that should be enabled by default
>
> How about getting them under a sshd_config directive.

I'm not sure. As a rule we try to keep the -Portable only config options to a
minimum to preserve our sanity. Maybe a compile-time option to begin with
("-DPARANOID_AUTH_RECORDING" or something).








------- Additional Comments From ashok_kovai@hotmail.com 2005-02-03 20:07 -------
Can we log bad login attempts of an invalid user?

This patch logs for the "none" method when a login attempt is made by an invalid user,
but works correctly for an existing valid user (doesn't log for the "none" method).

1. Disabling "none" doesn't solve
if (authenticated == 0 && !authctxt->postponed && strcmp(method, "none" ) && ...

2. Avoiding Invalid user doesn't solve
if (authenticated == 0 && authctxt->valid && !authctxt->postponed &&
strcmp(method, "none" ) && ....








------- Additional Comments From dtucker@zip.com.au 2005-02-04 15:22 -------
(In reply to comment #23)
> This patch logs for the "none" method when a login attempt is made by an invalid user,
> but works correctly for an existing valid user (doesn't log for the "none" method).

That happens earlier than the auth loop (in getpwnamallow). I'm not sure I want
to change that right now as it's the only place guaranteed to be called for an
invalid user if they try only, e.g., pubkey authentication then disconnect (because
that occurs purely in the unprivileged child).

We may be able to address that with the AUDIT_EVENTS hooks but those aren't
enabled by default.
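
An added illustration of the thread above (not OpenSSH code and not part of any comment): a bad-login filter of the shape quoted in comment #23, feeding a btmp-style record on a system that provides <utmp.h>. The helper names, the file name and the sample user, host and line values are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <utmp.h>

/* Hypothetical filter shaped like the condition quoted in the thread: record
 * only a finished failure, never the initial "none" probe or a postponed step. */
static int should_record(int authenticated, int postponed, const char *method)
{
    return authenticated == 0 && !postponed && strcmp(method, "none") != 0;
}

/* Hypothetical helper: append one btmp-style record to path; 0 on success.
 * utmp string fields are fixed-width and need not be NUL-terminated. */
static int record_badlogin(const char *path, const char *user, const char *host)
{
    struct utmp ut;
    FILE *f = fopen(path, "ab");
    size_t n;
    if (f == NULL) return -1;
    memset(&ut, 0, sizeof(ut));
    ut.ut_type = LOGIN_PROCESS;
    strncpy(ut.ut_user, user, sizeof(ut.ut_user));
    strncpy(ut.ut_line, "ssh:notty", sizeof(ut.ut_line)); /* constructed value */
    strncpy(ut.ut_host, host, sizeof(ut.ut_host));
    ut.ut_tv.tv_sec = time(NULL);
    n = fwrite(&ut, sizeof(ut), 1, f);
    return (fclose(f) == 0 && n == 1) ? 0 : -1;
}

/* Hypothetical helper: count records for user in path; -1 if unreadable. */
static int count_badlogins(const char *path, const char *user)
{
    struct utmp ut;
    int n = 0;
    FILE *f = fopen(path, "rb");
    if (f == NULL) return -1;
    while (fread(&ut, sizeof(ut), 1, f) == 1)
        if (strncmp(ut.ut_user, user, sizeof(ut.ut_user)) == 0)
            n++;
    fclose(f);
    return n;
}

int main(void)
{
    const char *log = "btmp_example.bin"; /* constructed path, not the real btmp */
    remove(log);
    if (should_record(0, 0, "password"))
        record_badlogin(log, "alice", "192.0.2.10");
    printf("alice failures: %d\n", count_badlogins(log, "alice"));
    return 0;
}
```

As the reply above notes, a filter like this in the auth loop does not affect what is logged earlier for an invalid user.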



