Date: Sun, 5 May 2013 20:14:49 -0400 From: Jason Hellenthal <jhellenthal@dataix.net> To: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>, "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org> Subject: Login failures usefulness with OpenSSH 6.1 Message-ID: <358B4722-3277-4A3B-93F3-33479A7D4682@DataIX.net>
index | next in thread | raw e-mail
Hello everyone, It seems that the login failures reported by the security output of a nightly periodic job has become somewhat useless per OpenSSH 6.1. I used to get username and IP address in the output but it seems that the logging format has changed. Instead of one line the log format now has two lines. One like the ones below and then another coinciding line that contains IP address and username. I think it would be more beneficial outputting the lines with the ip and username over the ones below for the security output. Not sure exactly when this changed but would like to gather some input before I inspect further on the changes that would have to be made. My output is from SVN FreeBSD STABLE 8.3 as of yesterday. Thanks & Clean Regards, ...Sample output... login failures: May 4 00:04:35 disbatch sshd[48898]: fatal: Write failed: Operation not permitted May 4 14:54:14 disbatch sshd[9544]: input_userauth_request: invalid user root [preauth] May 4 18:44:04 disbatch sshd[18326]: fatal: Read from socket failed: Connection reset by peer [preauth] -- Jason Hellenthal JJH48-ARIN -(2^(N-1))help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?358B4722-3277-4A3B-93F3-33479A7D4682>