Restore logging of SSH logins
Authored by: PanicRoom on Oct 16, '05 10:25:58AM

If this hint aims at logging 'attempted' SSH logins, then I must be doing something wrong: at my end, it's logging successful SSH logins but not failed attempts (I entered a wrong password a few times to check). The only thing that might be different with my setup is that I use a publickey (not an admin password) for SSH logins. But why would this suppress the logging of attempted logins?



Restore logging of SSH logins
Authored by: kd4ttc on Oct 16, '05 03:28:48PM

What happens if you try a bad user name, such as ssh -l nosuchuser xx.xx.xx.xx to your machine?



Restore logging of SSH logins
Authored by: PanicRoom on Oct 16, '05 11:03:09PM

Thanks for the tip - now it works! It only logs failed SSH attempts if the user name is incorrect. If the user name is right, it doesn't log anything. Obviously this is good for detecting brute force attacks where the attacker doesn't know the user name or password. Curiously, if I tried hacking into a known computer where you already know the user name (say at work) then none of the attempts would be logged. Even more interesting if you think that a good proportion of Mac users will still have the default setup in place where their real full name acts as their user name and first name as short name. In the long run, it really comes down to having a good passphrase.



logging of SSH login failures
Authored by: ccase on Oct 16, '05 11:43:13PM

Both failed user names and failed passwords are logged. To see that, you have to be using password authentication.

What you are doing is using a public key with a passphrase. That is failing on the client side, not the server side, so there is nothing to log.

To see this, rename the directory with the public key (mv .ssh .ssh.save). Then try logging in. You'll be asked for a password. If you type in nonsense a few times, then login will fail, and a log entry will be generated.



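Added example, not part of any post above: a small Python classifier that separates the two server-side failures discussed in this thread (bad user name versus bad password for a real user) when reading sshd log lines. The log lines are constructed samples in OpenSSH's usual message wording, and the function names are illustrative; a passphrase that fails on the client never reaches sshd, so no line for it can appear.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (not taken from the thread).
SAMPLE_LOG = """\
Oct 16 15:30:01 host sshd[411]: Invalid user nosuchuser from 192.0.2.10
Oct 16 15:30:03 host sshd[411]: Failed password for invalid user nosuchuser from 192.0.2.10 port 50111 ssh2
Oct 16 15:31:10 host sshd[420]: Failed password for alice from 192.0.2.10 port 50120 ssh2
Oct 16 15:31:14 host sshd[420]: Failed password for alice from 192.0.2.10 port 50120 ssh2
Oct 16 15:32:40 host sshd[431]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Oct 16 15:33:02 host sshd[440]: Failed password for illegal user bob from 203.0.113.5 port 60001 ssh2
"""

# Older OpenSSH releases wrote "illegal user"; newer ones write "invalid user".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<unknown>(?:invalid|illegal) user )?(?P<user>\S+) from (?P<ip>\S+)"
)

def classify(line):
    """Return (kind, user, ip) for an sshd authentication result line, else None."""
    m = EVENT.search(line)
    if not m:
        return None  # e.g. the bare "Invalid user ..." notice, counted via its Failed line
    if m["result"] == "Accepted":
        kind = "accepted_" + m["method"]
    elif m["unknown"]:
        kind = "failed_unknown_user"   # account does not exist on the server
    else:
        kind = "failed_known_user"     # real account, wrong password
    return kind, m["user"], m["ip"]

def summarize(text):
    """Count authentication events per (source IP, kind)."""
    counts = Counter()
    for line in text.splitlines():
        event = classify(line)
        if event:
            kind, _user, ip = event
            counts[(ip, kind)] += 1
    return counts

if __name__ == "__main__":
    for (ip, kind), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip:15} {kind:22} {n}")
```

Repeated failed_known_user entries from one address are the password guesses against a real account that the thread is concerned with.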