https://bugzilla.mindrot.org/show_bug.cgi?id=1468
Summary: sshd does not log failed attempts using key-based
authentication only
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.0p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: security
Priority: P2
Component: sshd
AssignedTo: bitbucket@mindrot.org
ReportedBy: advax@triumf.ca
When testing the Debian SSH exploit against SSH-2.0-OpenSSH_4.1p1-hpn
I noticed that sshd did not log key failures, only password failures.
I just built SSH-2.0-OpenSSH_5.0 on Fedora Core 4 with no configure
options (./configure; make) and again there is no logging
$ ./ssh -p 8022 -o PasswordAuthentication=no -i badkey localhost
Permission denied (publickey,password).
- no log entry
$ ./ssh -p 8022 -o PasswordAuthentication=no -i goodkey localhost
- login successful
- syslog entry: sshd[6987]: Accepted publickey for andrew from
127.0.0.1 port 39492 ssh2
The Debian exploit tries an average of 32,000 keys with no evidence in
syslog apart from an entry on success.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
Summary: sshd does not log failed attempts using key-based
authentication only
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.0p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: security
Priority: P2
Component: sshd
AssignedTo: bitbucket@mindrot.org
ReportedBy: advax@triumf.ca
When testing the Debian SSH exploit against SSH-2.0-OpenSSH_4.1p1-hpn
I noticed that sshd did not log key failures, only password failures.
I just built SSH-2.0-OpenSSH_5.0 on Fedora Core 4 with no configure
options (./configure; make) and again there is no logging
$ ./ssh -p 8022 -o PasswordAuthentication=no -i badkey localhost
Permission denied (publickey,password).
- no log entry
$ ./ssh -p 8022 -o PasswordAuthentication=no -i goodkey localhost
- login successful
- syslog entry: sshd[6987]: Accepted publickey for andrew from
127.0.0.1 port 39492 ssh2
The Debian exploit tries an average of 32,000 keys with no evidence in
syslog apart from an entry on success.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs