
Bug#491550: sshd does not log login attempts using invalid public keys



Package: ssh
Severity: normal

If attackers attempt to log in using invalid users/passwords then sshd
adds a line to that effect to the log.  But if they are using public
keys that are not allowed then nothing is added.

This means that if a system is still allowing "vulnerable" keys then
an attacker can brute-force a login by trying all such in turn, and
the sysadmin will never notice this even if they review their logs.

Packages like fail2ban and denyhosts rely on the log file containing
details of unsuccessful login attempts.

#75043 is related.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.29-xen
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)


