Re: sshd: Logging illegal users
On Thu, 19 Aug 2004, Thomas Hungenberg wrote:
> On Sun, 15 Aug 2004 12:34:59 -0600, Will Aoki wrote:
>
> >> Is there a way to make the sshd included with Debian/woody to also log
> >> the usernames an attacker tried to connect with?
> >
> > Set "LogLevel VERBOSE" in /etc/ssh/sshd_config
>
> LogLevel is already set to VERBOSE. But even with LogLevel DEBUG the
> invalid usernames are not logged. :-( I tested that on three different
> machines running Debian/woody.
>
> Could this be a PAM issue? Is there perhaps a configuration variable to
> turn on logging of invalid usernames in PAM like LOG_UNKFAIL_ENAB in
> /etc/login.defs?
Do you really want to log those illegal user names? If you do so, you
would run into danger to log passwords in plain text as well, when you
accidently enter the password when ssh asks you for the user name...
- Martin
Reply to: