Bug#341883: openssh-server and btmp

To: 341883@bugs.debian.org
Cc: Ken Bowley <johann@trod.org>
Subject: Bug#341883: openssh-server and btmp
From: Sam Morris <sam@robots.org.uk>
Date: Sat, 23 Sep 2006 18:26:57 +0100
Message-id: <[🔎] 1159032417.11353.19.camel@xerces>
Reply-to: Sam Morris <sam@robots.org.uk>, 341883@bugs.debian.org

Logging to /var/log/btmp was disabled because "The most common login
failure is to give password instead of username", and because the btmp
file is world-readable on a Debian system. More info is attached to bug
#314956.

How about altering the server to only record a failed login to the btmp
file if the given username is a valid one? If not then a dummy account
name could be logged.

-- 
Sam Morris
http://robots.org.uk/

PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Prev by Date: Bug#389038: openssh-server: Please consider using LSB-enabled init script
Next by Date: Bug#73611: Lo an for susan aimonetto
Previous by thread: Bug#389038: openssh-server: Please consider using LSB-enabled init script
Next by thread: Bug#341883: openssh-server and btmp
Index(es):
- Date
- Thread