[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

sshd: Logging illegal users


sshd included with Debian/sarge logs connection attempts with illegal
usernames this way:

sshd[xxx]: Illegal user <username> from xxx.xxx.xxx.xxx
sshd[xxx]: Failed unknown for illegal user <username> from xxx.xxx.xxx.xxx port xxxxx ssh2

However, the older sshd version from Debian/woody by default only logs
the following when trying to connect with an illegal username:

sshd[xxx]: Connection from xxx.xxx.xxx.xxx port xxxxx
sshd[xxx]: Enabling compatibility mode for protocol 2.0

Is there a way to make the sshd included with Debian/woody to also log
the usernames an attacker tried to connect with?

      - Thomas

PGP: 2047Bit RSA, ID 0x668E601D - Encrypted mail welcome!

Reply to: