[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sshd: Logging illegal users



On Fri, 20 Aug 2004 02:26:17 -0600, Will Aoki wrote:

>> > Set "LogLevel VERBOSE" in /etc/ssh/sshd_config
>> 
>> LogLevel is already set to VERBOSE. But even with LogLevel DEBUG the
>> invalid usernames are not logged. :-(
>> I tested that on three different machines running Debian/woody.
>
> It works for me on all of my machines running woody, including a fresh
> installation I did last week.

I just figured out that when setting "UsePrivilegeSeparation" to "no"
in sshd_config, also sshd on Debian/woody logs 

sshd[xxx]: Failed <auth-method> for illegal user <user> from xxx.xxx.xxx.xxx port xxxxx ssh2

But with PrivilegeSeparation turned on, the username is not logged.

However, sshd from Debian/sarge also logs the illegal usernames with
PrivilegeSeparation turned on.


So I wonder if you do not use PrivilegeSeparation on your woody
installations?


      - Thomas

-- 
PGP: 2047Bit RSA, ID 0x668E601D - Encrypted mail welcome!



Reply to: