[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OpenSSH not logging denied public keys, even with logging set to verbose.



On Fri, 2 Mar 2012, Jordon Bedwell <envygeeks@gmail.com> wrote:
> > Run the command below.
> > 
> >  grep "ssh:1.%.30s@%.128s.s password:" /usr/sbin/sshd; echo $?
> > 
> > If you don't get 1 as output, your sshd is compromised.
> 
> It returned 1, this happens on freshly installed Debian and Ubuntu too
> though, tested it on Ubuntu too.

http://etbe.coker.com.au/2011/12/31/server-cracked/

If you havd a sshd that is compromised in the same way as one was on one of my 
servers then Anibal's command will give an output of 0.

I don't know what relevance this has to a discussion of OpenSSH logging 
though.

I'd like to have OpenSSH log the email address field from a key that was used 
for login so I could see something like "ssh key russell@coker.com.au was used 
to login to account rjc" in my logs.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/


Reply to: