On Monday 28 Apr 2014 20:54:18 thegeezer wrote:
> On 04/21/2014 08:02 PM, thegeezer wrote:
> > Hi all,
> > i was looking up the gentoo wiki on fail2ban [1] to have it look at its
> > own log file fail2ban.log in order to block repeat offenders for longer
> > as abuse@offender doesn't really seem to help these days.
> >
> > then i saw a warning saying fail2ban not blocking all requests which i
> > followed to github [2] which has a paste of his logfiles [3]
> >
> > now this i commented at github saying it looks similar to something i
> > discovered when trying to set up authkeys on ssh - namely invalid keys
> > give you no log file entry saying "invalid keys"
> >
> > can anyone tell me if they know how to make the log file entry show that
> > it was an invalid key?
> > i only know that it is this from my experience -- when i was using the
> > wrong key or auth keys file had wrong permission i had only similar
> > entries in my logs. i did try to find the answer myself at that time but
> > was unable to.
> >
> > thanks in advance!
> >
> > [1] http://wiki.gentoo.org/wiki/Fail2ban
> > [2] https://github.com/fail2ban/fail2ban/issues/643
> > [3] http://bpaste.net/show/188261/
>
> hey so i've been doing some digging and for openssh to log public key
> failures you have to set loglevel to minimum of VERBOSE
> please see my email to openssh mailing list. [4]
> is this something that could be implemented as a gentoo specific patch ?
> if so how would i go about requesting it ?
> i don't know about you all but i'm a little concerned that ssh is not
> logging bruteforce public keys, they might be harder to crack but if
> they are invisible in the logs then this could go on silently for a long
> time.
>
> [4] http://marc.info/?l=openssh-unix-dev&m=139871423503774&w=3

At the very least when one emerges fail2ban there should be an elog message
informing/warning of the required modifications to the associated
applications' config files, like ssh, to enable fail2ban to do its filtering.

You can raise a bug for it at: https://bugs.gentoo.org/

--
Regards,
Mick
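
The logging gap discussed in this thread, as an added example that is not part of the original messages and is not fail2ban's own filter code: it counts rejected public-key attempts per source address in an sshd log, then repeats the count on the same log with the VERBOSE-only lines removed. The log lines are constructed, and the "Failed publickey" wording, the function names and the retry threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (not taken from the paste in the thread). The
# "Failed publickey" wording is assumed to match what sshd writes once
# LogLevel is VERBOSE; check it against your own auth log.
SAMPLE_LOG = """\
Apr 28 20:01:11 host sshd[4101]: Failed publickey for root from 203.0.113.7 port 51122 ssh2: RSA aa:bb:cc:dd
Apr 28 20:01:12 host sshd[4101]: Failed publickey for root from 203.0.113.7 port 51122 ssh2: RSA ee:ff:00:11
Apr 28 20:01:13 host sshd[4101]: Connection closed by 203.0.113.7 [preauth]
Apr 28 20:02:40 host sshd[4107]: Failed publickey for mick from 198.51.100.9 port 40210 ssh2: ECDSA 22:33:44:55
Apr 28 20:02:41 host sshd[4107]: Accepted publickey for mick from 198.51.100.9 port 40210 ssh2: RSA 66:77:88:99
Apr 28 20:05:02 host sshd[4120]: Connection closed by 192.0.2.44 [preauth]
"""

# Matches a rejected key for a known or unknown account and captures the source.
FAILED_KEY = re.compile(
    r"sshd\[\d+\]: Failed publickey for (?:invalid user )?\S+ "
    r"from (?P<host>\S+) port \d+"
)


def failed_publickey_by_host(log_text):
    """Count rejected public-key attempts per source address."""
    return Counter(m.group("host") for m in FAILED_KEY.finditer(log_text))


def hosts_over(counts, maxretry):
    """Hosts with at least maxretry rejected keys, sorted for stable output.

    A legitimate client that offers more than one key can produce a failure
    line before the accepted one (198.51.100.9 above), so keep maxretry > 1.
    """
    return sorted(h for h, n in counts.items() if n >= maxretry)


def as_seen_at_info(log_text):
    """Drop the lines that only exist at VERBOSE, leaving the INFO view."""
    return "\n".join(
        line for line in log_text.splitlines() if "Failed publickey" not in line
    )


if __name__ == "__main__":
    counts = failed_publickey_by_host(SAMPLE_LOG)
    print("VERBOSE view:", dict(counts), "-> ban candidates:", hosts_over(counts, 2))
    print("INFO view:   ", dict(failed_publickey_by_host(as_seen_at_info(SAMPLE_LOG))))
```

With the VERBOSE-only lines removed, the count is empty and only the "Connection closed ... [preauth]" entries remain to match on.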