Bug#626112: openssh-server: ssh doesn't log some failed authentications to auth.log anymore

To: Christoph Anton Mitterer <calestyo@scientia.net>, 626112@bugs.debian.org
Subject: Bug#626112: openssh-server: ssh doesn't log some failed authentications to auth.log anymore
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 24 Jul 2011 11:02:25 +0100
Message-id: <[🔎] 20110724100219.GA4465@riva.dynamic.greenend.org.uk>
Reply-to: Colin Watson <cjwatson@debian.org>, 626112@bugs.debian.org
In-reply-to: <20110508221519.16250.48452.reportbug@heisenberg.scientia.net>
References: <20110508221519.16250.48452.reportbug@heisenberg.scientia.net>

On Mon, May 09, 2011 at 12:15:19AM +0200, Christoph Anton Mitterer wrote:
> For *some* failed connections ssh seems to put no logging into
> auth.log anymore.

Did this work as you expect in some previous version?  Which one?

> This can be quite security relevant when using e.g. fail2ban which relies on this.
> 
> Only some (types?) of connections seem to be affected, as I still see few IPs
> that get banned by fail2ban.
> 
> But when I e.g. go to another host of mine, and try repeatedly to login, they don't
> get banned (as nothing appears in the logs).
> I tried both, hosts where a ~/.ssh/id_rsa* was in place and not.
> 
> 
> Attached is my sshd's configuration. Please ask for mor information if you need any.

If you use 'LogLevel VERBOSE', does that help?

Can you provide some examples of log messages that fail2ban is noticing
and banning?

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Bug#626112: openssh-server: ssh doesn't log some failed authentications to auth.log anymore
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

Prev by Date: Bug#558171: (no subject)
Next by Date: Accepted openssh 1:5.8p1-5 (source i386 all)
Previous by thread: Bug#558171: (no subject)
Next by thread: Bug#626112: openssh-server: ssh doesn't log some failed authentications to auth.log anymore
Index(es):
- Date
- Thread