Re: sshd: Logging illegal users
On Fri, 20 Aug 2004 02:26:17 -0600, Will Aoki wrote:
>> > Set "LogLevel VERBOSE" in /etc/ssh/sshd_config
>>
>> LogLevel is already set to VERBOSE. But even with LogLevel DEBUG the
>> invalid usernames are not logged. :-(
>> I tested that on three different machines running Debian/woody.
>
> It works for me on all of my machines running woody, including a fresh
> installation I did last week.

I just figured out that when "UsePrivilegeSeparation" is set to "no"
in sshd_config, sshd on Debian/woody also logs

  sshd[xxx]: Failed <auth-method> for illegal user <user> from xxx.xxx.xxx.xxx port xxxxx ssh2

But with PrivilegeSeparation turned on, the username is not logged.
However, sshd from Debian/sarge also logs the illegal usernames with
PrivilegeSeparation turned on.

So I wonder if you do not use PrivilegeSeparation on your woody
installations?

- Thomas
--
PGP: 2047Bit RSA, ID 0x668E601D - Encrypted mail welcome!
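
Added example, not part of the original message: a small parser that pulls the unknown usernames out of log lines in the format quoted above and groups them by source address. The function names, the syslog prefix and the sample lines are assumptions constructed for illustration; the "invalid user" wording is what later OpenSSH releases log for the same event.

```python
import re
from collections import Counter, defaultdict

# Message format taken from the post. The user field is attacker-controlled
# and may itself contain " from ... port ... ssh2", so it is matched greedily
# and the pattern is anchored on the fixed tail at the end of the line.
FAILED = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Failed (?P<method>\S+) for (?:illegal|invalid) user "
    r"(?P<user>.*) from (?P<addr>\S+) port (?P<port>\d+) ssh2$"
)

def parse_line(line):
    """Return a dict for a failed login of an unknown user, else None."""
    m = FAILED.search(line.rstrip("\n"))
    return m.groupdict() if m else None

def summarize(lines):
    """Map source address -> Counter of unknown usernames tried from it."""
    by_addr = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_addr[rec["addr"]][rec["user"]] += 1
    return dict(by_addr)

# Constructed sample lines (documentation addresses, made-up host and PIDs).
SAMPLE = [
    "Aug 20 10:15:01 host sshd[1201]: Failed password for illegal user admin "
    "from 192.0.2.10 port 40001 ssh2",
    "Aug 20 10:15:04 host sshd[1202]: Failed keyboard-interactive/pam for "
    "invalid user admin from 192.0.2.10 port 40002 ssh2",
    # Username crafted to look like the tail of a log line.
    "Aug 20 10:15:09 host sshd[1203]: Failed password for illegal user "
    "x from 203.0.113.9 port 1 ssh2 from 192.0.2.10 port 40003 ssh2",
    # Existing account: no "illegal user" marker, so it is not counted here.
    "Aug 20 10:16:30 host sshd[1204]: Failed password for root "
    "from 198.51.100.7 port 51000 ssh2",
    "Aug 20 10:16:33 host sshd[1205]: Failed password for illegal user test "
    "from 198.51.100.7 port 51001 ssh2",
]

if __name__ == "__main__":
    for addr, users in summarize(SAMPLE).items():
        print(addr, dict(users))
```

If the summary stays empty on a host that is clearly being probed, the log lines may simply lack the username, as described above for woody with PrivilegeSeparation turned on.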