
Re: sshd: Logging illegal users

On Thu, Aug 19, 2004 at 10:44:40AM +0200, Thomas Hungenberg wrote:
> On Sun, 15 Aug 2004 12:34:59 -0600, Will Aoki wrote:
> >> Is there a way to make the sshd included with Debian/woody to also log
> >> the usernames an attacker tried to connect with?
> >
> > Set "LogLevel VERBOSE" in /etc/ssh/sshd_config
> LogLevel is already set to VERBOSE. But even with LogLevel DEBUG the
> invalid usernames are not logged. :-(
> I tested that on three different machines running Debian/woody.

It works for me on all of my machines running woody, including a fresh
installation I did last week.

> Could this be a PAM issue? Is there perhaps a configuration variable
> to turn on logging of invalid usernames in PAM like LOG_UNKFAIL_ENAB 
> in /etc/login.defs?

My PAM configuration is only nonstandard in that the SSH PAM config says
   auth       sufficient   pam_ldap.so
   auth       required     pam_unix.so
but I've also seen it work on machines using pam_krb5 or a completely
standard PAM configuration. 

This may sound like a stupid question, but did you restart sshd after making
the change?

William Aoki  KD7YAF  waoki@umnh.utah.edu  /"\  ASCII Ribbon Campaign
                                           \ /  No HTML in mail or news!
                                           / \
