On Thu, Aug 19, 2004 at 10:44:40AM +0200, Thomas Hungenberg wrote: > On Sun, 15 Aug 2004 12:34:59 -0600, Will Aoki wrote: > > >> Is there a way to make the sshd included with Debian/woody to also log > >> the usernames an attacker tried to connect with? > > > > Set "LogLevel VERBOSE" in /etc/ssh/sshd_config > > LogLevel is already set to VERBOSE. But even with LogLevel DEBUG the > invalid usernames are not logged. :-( > I tested that on three different machines running Debian/woody.
It works for me on all of my machines running woody, including a fresh installation I did last week. > Could this be a PAM issue? Is there perhaps a configuration variable > to turn on logging of invalid usernames in PAM like LOG_UNKFAIL_ENAB > in /etc/login.defs? My PAM configuration is only nonstandard in that the SSH PAM config says auth sufficient pam_ldap.so before auth required pam_unix.so but I've also seen it work on machines using pam_krb5 or a completely standard PAM configuration. This may sound a stupuid question, but did you restart sshd after making the change? -- William Aoki KD7YAF [EMAIL PROTECTED] /"\ ASCII Ribbon Campaign \ / No HTML in mail or news! X / \ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]