On 04/21/2014 08:02 PM, thegeezer wrote:
> Hi all,
> i was looking up the gentoo wiki on fail2ban [1] to have it look at its
> own log file fail2ban.log in order to block repeat offenders for longer
> as abuse@offender doesn't really seem to help these days.
>
> then i saw a warning saying fail2ban not blocking all requests which i
> followed to github [2] which has a paste of his logfiles [3]
>
> now this i commented at github saying it looks similar to something i
> discovered when trying to setup authkeys on ssh - namely invalid keys
> give you no log file entry saying "invalid keys"
>
> can anyone tell me if they know how to make the log file entry show that
> it was an invalid key?
> i only know that it is this from my experience -- when i was using the wrong
> key or auth keys file had wrong permission i had only similar entries in my logs.
> i did try to find the answer myself at that time but was unable to.
>
> thanks in advance!
>
> [1] http://wiki.gentoo.org/wiki/Fail2ban
> [2] https://github.com/fail2ban/fail2ban/issues/643
> [3] http://bpaste.net/show/188261/
>
hey so i've been doing some digging and for openssh to log public key
failures you have to set loglevel to minimum of VERBOSE
please see my email to openssh mailing list. [4]
is this something that could be implemented as a gentoo specific patch?
if so how would i go about requesting it?
i don't know about you all but i'm a little concerned that ssh is not
logging bruteforce public keys, they might be harder to crack but if
they are invisible in the logs then this could go on silently for a long
time.

[4] http://marc.info/?l=openssh-unix-dev&m=139871423503774&w=3
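
An added example, not part of the original mail and not fail2ban's own filter: a small Python check that counts failed public-key attempts per source address once sshd logs them at LogLevel VERBOSE. The log lines are constructed, and the exact "Failed publickey" wording is an assumption that may differ between OpenSSH versions; the function names and threshold are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (not from the thread's paste). The "Failed publickey"
# wording is assumed from sshd at LogLevel VERBOSE and may vary by version.
SAMPLE_LOG = """\
Apr 29 10:00:01 host sshd[2101]: Connection from 203.0.113.7 port 40112
Apr 29 10:00:02 host sshd[2101]: Failed publickey for root from 203.0.113.7 port 40112 ssh2: RSA <fingerprint>
Apr 29 10:00:03 host sshd[2101]: Failed publickey for root from 203.0.113.7 port 40112 ssh2: RSA <fingerprint>
Apr 29 10:00:04 host sshd[2101]: Connection closed by 203.0.113.7 [preauth]
Apr 29 10:01:10 host sshd[2107]: Failed publickey for invalid user admin from 203.0.113.7 port 40120 ssh2: RSA <fingerprint>
Apr 29 10:02:00 host sshd[2110]: Failed publickey for alice from 198.51.100.20 port 51000 ssh2: RSA <fingerprint>
Apr 29 10:02:01 host sshd[2110]: Accepted publickey for alice from 198.51.100.20 port 51000 ssh2: RSA <fingerprint>
Apr 29 10:03:00 host sshd[2115]: Failed password for bob from 192.0.2.50 port 33000 ssh2
"""

# Greedy user field: the address is always taken from the last
# " from ... port ..." on the line, so text inside the user field cannot displace it.
FAILED_PUBKEY = re.compile(
    r"sshd\[\d+\]: Failed publickey for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2(?:: .*)?$"
)

def count_pubkey_failures(log_text):
    """Return a Counter of failed public-key attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_PUBKEY.search(line)
        if not m:
            continue  # connection, password and "Accepted" lines are ignored
        try:
            addr = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not a literal address; skip rather than guess
        counts[str(addr)] += 1
    return counts

def repeat_offenders(log_text, threshold=3):
    """Addresses with at least `threshold` failed public-key attempts."""
    counts = count_pubkey_failures(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for ip, n in count_pubkey_failures(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n}")
    print("over threshold:", repeat_offenders(SAMPLE_LOG))
```

At the default log level only the "Connection closed ... [preauth]" style of line would typically remain for the first address, which gives a counter like this nothing to work with.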