Gentoo Archives: gentoo-user

From: thegeezer <thegeezer@×××××××××.net>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] ssh authkeys log invalid
Date: Mon, 28 Apr 2014 19:54:32
Message-Id: 535EB1EA.2030506@thegeezer.net
In Reply to: [gentoo-user] ssh authkeys log invalid by thegeezer
On 04/21/2014 08:02 PM, thegeezer wrote:
> Hi all,
> i was looking up the gentoo wiki on fail2ban [1] to have it look at its
> own log file fail2ban.log in order to block repeat offenders for longer
> as abuse@offender doesn't really seem to help these days.
>
> then i saw a warning saying fail2ban not blocking all requests which i
> followed to github [2] which has a paste of his logfiles [3]
>
> now this i commented at github saying it looks similar to something i
> discovered when trying to setup authkeys on ssh - namely invalid keys
> give you no log file entry saying "invalid keys"
>
> can anyone tell me if they know how to make the log file entry show that
> it was an invalid key?
> i only know that it is this from my experience -- when i was using the wrong
> key or auth keys file had wrong permission i had only similar entries in my logs.
> i did try to find the answer myself at that time but was unable to.
>
> thanks in advance!
>
> [1] http://wiki.gentoo.org/wiki/Fail2ban
> [2] https://github.com/fail2ban/fail2ban/issues/643
> [3] http://bpaste.net/show/188261/
>

hey so i've been doing some digging and for openssh to log public key
failures you have to set loglevel to minimum of VERBOSE
please see my email to openssh mailing list. [4]
is this something that could be implemented as a gentoo specific patch ?
if so how would i go about requesting it ?
i don't know about you all but i'm a little concerned that ssh is not
logging bruteforce public keys, they might be harder to crack but if
they are invisible in the logs then this could go on silently for a long
time.

[4] http://marc.info/?l=openssh-unix-dev&m=139871423503774&w=3
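
Added example, not part of the original message: a small Python check that counts `Failed publickey` log entries per source address, the kind of entry the message above says sshd only writes once LogLevel is at least VERBOSE. The log lines are constructed for illustration and their format is an assumption about sshd's VERBOSE output; the function names and the threshold are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of sshd auth log lines (not taken from the thread).
# Assumption: the "Failed publickey" lines appear only with LogLevel VERBOSE.
SAMPLE_LOG = """\
Apr 28 19:01:02 host sshd[2101]: Connection from 203.0.113.7 port 40112
Apr 28 19:01:03 host sshd[2101]: Failed publickey for root from 203.0.113.7 port 40112 ssh2: RSA aa:bb:cc:dd
Apr 28 19:01:04 host sshd[2101]: Failed publickey for root from 203.0.113.7 port 40112 ssh2: RSA 11:22:33:44
Apr 28 19:01:09 host sshd[2107]: Failed publickey for admin from 203.0.113.7 port 40120 ssh2: DSA 55:66:77:88
Apr 28 19:02:00 host sshd[2110]: Failed password for invalid user test from 198.51.100.9 port 51000 ssh2
Apr 28 19:03:00 host sshd[2115]: Failed publickey for alice from 192.0.2.44 port 33000 ssh2: RSA 99:aa:bb:cc
Apr 28 19:03:01 host sshd[2115]: Accepted publickey for alice from 192.0.2.44 port 33000 ssh2: RSA de:ad:be:ef
"""

# Matches only public key failures; password failures are deliberately ignored
# because those are already visible at the default log level.
FAILED_PUBKEY = re.compile(
    r"sshd\[\d+\]: Failed publickey for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def failed_pubkey_by_source(log_text):
    """Return a Counter of failed public key attempts keyed by source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED_PUBKEY.search(line)
        if match:
            counts[match.group("ip")] += 1
    return counts


def offenders(log_text, threshold=3):
    """Return sorted source IPs with at least `threshold` failed key attempts."""
    counts = failed_pubkey_by_source(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in failed_pubkey_by_source(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n} failed publickey attempts")
    print("over threshold:", offenders(SAMPLE_LOG))
```

A single failed key followed by an accepted one, as in the constructed `alice` lines, is normal because clients offer their keys in turn, which is why the check uses a threshold rather than flagging every failure.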

Replies

Subject Author
Re: [gentoo-user] ssh authkeys log invalid Mick <michaelkintzios@×××××.com>