OpenSSH does not log failed authentication attempts when PublicKey method is used
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| openssh (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
Version: Ubuntu 8.10 (Intrepid)
Package: openssh-server:
Installed: 1:5.1p1-3ubuntu1
Candidate: 1:5.1p1-3ubuntu1
Version table:
*** 1:5.1p1-3ubuntu1 0
500 http://
100 /var/lib/
What I expected: I expected failed public key authentication attempts to be logged by default in /var/log/auth.log.
What happened: OpenSSH does not log failed public key authentication attempts by default ("LogLevel INFO"), however failed attempts using password authentication are logged, as are attempts to login with an invalid username.
Fix: Change "LogLevel INFO" to "LogLevel VERBOSE" in /etc/ssh/sshd.conf. This shouldn't be necessary as failed authentication attempts ought to be logged by default, especially considering the possibility that users may be using vulnerable keys generated before the recent openssl patch.
See https:/
| Kees Cook (kees) wrote | #1 |
| Changed in openssh (Ubuntu): | |
| assignee: | nobody → cjwatson |
| status: | New → Incomplete |
| haeckse (haeckse) wrote | #2 |
| Don Reid (thebunfighter) wrote | #3 |
| Jamie Strandboge (jdstrand) wrote | #4 |
| Changed in openssh (Ubuntu): | |
| assignee: | Colin Watson (cjwatson) → nobody |
| status: | Incomplete → Confirmed |
| security vulnerability: | yes → no |
Colin, what is your opinion on this? Upstream doesn't seem to want to change the setting, but it does seem strange. Auth failures (regardless of origin) should be logged by default.