Re: sshd: Logging illegal users
On Thu, Aug 19, 2004 at 10:44:40AM +0200, Thomas Hungenberg wrote:
> On Sun, 15 Aug 2004 12:34:59 -0600, Will Aoki wrote:
> >> Is there a way to make the sshd included with Debian/woody to also log
> >> the usernames an attacker tried to connect with?
> > Set "LogLevel VERBOSE" in /etc/ssh/sshd_config
> LogLevel is already set to VERBOSE. But even with LogLevel DEBUG the
> invalid usernames are not logged. :-(
> I tested that on three different machines running Debian/woody.
It works for me on all of my machines running woody, including a fresh
installation I did last week.
> Could this be a PAM issue? Is there perhaps a configuration variable
> to turn on logging of invalid usernames in PAM like LOG_UNKFAIL_ENAB
> in /etc/login.defs?
My PAM configuration is only nonstandard in that the SSH PAM config says
    auth sufficient pam_ldap.so
    auth required pam_unix.so
but I've also seen it work on machines using pam_krb5 or a completely
standard PAM configuration.
This may sound a stupid question, but did you restart sshd after making
William Aoki KD7YAF email@example.com /"\ ASCII Ribbon Campaign
\ / No HTML in mail or news!
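
Added example, not part of the original message: once sshd is logging the attempted usernames, a short script can tally them per source address. It assumes the message wording "Illegal user NAME from ADDR" used by older OpenSSH releases (later releases say "Invalid user"); the sample log lines, host names and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines (not taken from the thread).
SAMPLE_LOG = """\
Aug 19 10:01:02 host sshd[1234]: Illegal user test from 192.0.2.10
Aug 19 10:01:04 host sshd[1234]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Aug 19 10:01:09 host sshd[1240]: Illegal user guest from 192.0.2.10
Aug 19 10:01:15 host sshd[1244]: Illegal user x from 10.0.0.1 from 192.0.2.10
Aug 19 10:02:30 host sshd[1251]: Invalid user admin from 198.51.100.7
Aug 19 10:02:31 host sshd[1251]: Failed password for invalid user admin from 198.51.100.7 port 51515 ssh2
Aug 19 10:03:00 host sshd[1260]: Accepted password for will from 203.0.113.5 port 2200 ssh2
Aug 19 10:03:10 host su[1300]: Illegal user fake from 192.0.2.99
"""

# Match only the notice sshd writes when the name is looked up, so the
# "Failed password for illegal user" line that follows is not counted twice.
# The user group is greedy: the name is chosen by the client and may itself
# contain " from ", so the address is taken from the LAST " from " on the line.
NOTICE = re.compile(
    r"\bsshd\[\d+\]: (?:Illegal|Invalid) user (?P<user>.*) "
    r"from (?P<addr>\S+)(?: port \d+)?$"
)


def summarize(lines):
    """Return {source address: Counter of usernames that did not exist}."""
    seen = defaultdict(Counter)
    for line in lines:
        m = NOTICE.search(line.rstrip("\n"))
        if m:
            seen[m.group("addr")][m.group("user")] += 1
    return dict(seen)


if __name__ == "__main__":
    for addr, users in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        names = ", ".join(f"{u!r} x{n}" for u, n in users.most_common())
        print(f"{addr}: {names}")
```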