Re: [gentoo-user] ssh authkeys log invalid

2014-04-28 Thread Mick
On Monday 28 Apr 2014 20:54:18 thegeezer wrote:
> On 04/21/2014 08:02 PM, thegeezer wrote:
> > Hi all,
> > i was looking up the gentoo wiki on fail2ban [1] to have it look at its
> > own log file fail2ban.log in order to block repeat offenders for longer
> > as abuse@offender doesn't really seem to help these days.
> > 
> > then i saw a warning saying fail2ban not blocking all requests which i
> > followed to github [2] which has a paste of his logfiles [3]
> > 
> > now this i commented at github saying it looks similar to something i
> > discovered when trying to setup authkeys on ssh - namely invalid keys
> > give you no log file entry saying "invalid keys"
> > 
> > can anyone tell me if they know how to make the log file entry show that
> > it was an invalid key?
> > i only know that it is this from my experience -- when i was using the
> > wrong key or auth keys file had wrong permission i had only similar
> > entries in my logs. i did try to find the answer myself at that time but
> > was unable to.
> > 
> > thanks in advance!
> > 
> > 
> > 
> > [1] http://wiki.gentoo.org/wiki/Fail2ban
> > [2] https://github.com/fail2ban/fail2ban/issues/643
> > [3] http://bpaste.net/show/188261/
> 
> hey so i've been doing some digging and for openssh to log public key
> failures you have to set loglevel to minimum of VERBOSE
> please see my email to openssh mailing list. [4]
> is this something that could be implemented as a gentoo specific patch ?
> if so how would i go about requesting it ?
> i don't know about you all but i'm a little concerned that ssh is not
> logging bruteforce public keys, they might be harder to crack but if
> they are invisible in the logs then this could go on silently for a long
> time.
> 
> [4] http://marc.info/?l=openssh-unix-dev&m=139871423503774&w=3

At the very least when one emerges fail2ban there should be an elog message 
informing/warning of the required modifications to the associated 
applications' config files, like ssh, to enable fail2ban to do its filtering.

You can raise a bug for it at:  https://bugs.gentoo.org/

-- 
Regards,
Mick




Re: [gentoo-user] ssh authkeys log invalid

2014-04-28 Thread thegeezer
On 04/21/2014 08:02 PM, thegeezer wrote:
> Hi all,
> i was looking up the gentoo wiki on fail2ban [1] to have it look at its
> own log file fail2ban.log in order to block repeat offenders for longer
> as abuse@offender doesn't really seem to help these days.
>
> then i saw a warning saying fail2ban not blocking all requests which i
> followed to github [2] which has a paste of his logfiles [3]
>
> now this i commented at github saying it looks similar to something i
> discovered when trying to setup authkeys on ssh - namely invalid keys
> give you no log file entry saying "invalid keys"
>
> can anyone tell me if they know how to make the log file entry show that
> it was an invalid key?
> i only know that it is this from my experience -- when i was using the wrong
> key or auth keys file had wrong permission i had only similar entries in my 
> logs.
> i did try to find the answer myself at that time but was unable to.
>
> thanks in advance!
>
>
>
> [1] http://wiki.gentoo.org/wiki/Fail2ban
> [2] https://github.com/fail2ban/fail2ban/issues/643
> [3] http://bpaste.net/show/188261/
>
>  
>
>
hey so i've been doing some digging and for openssh to log public key
failures you have to set loglevel to minimum of VERBOSE
please see my email to openssh mailing list. [4]
is this something that could be implemented as a gentoo specific patch ?
if so how would i go about requesting it ?
i don't know about you all but i'm a little concerned that ssh is not
logging bruteforce public keys, they might be harder to crack but if
they are invisible in the logs then this could go on silently for a long
time.

[4] http://marc.info/?l=openssh-unix-dev&m=139871423503774&w=3
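
Added example, not part of the original message or of any project's code: a small check of whether an sshd_config file sets the LogLevel that the message above says is needed for failed public key attempts to be logged. The function names and the sample config files are constructed for illustration; the parser only reads the global section of the file it is given and does not follow Include directives.

```sh
#!/bin/sh
# Added example (not from the thread): does this sshd_config log failed
# public key attempts? Per the thread, that needs LogLevel VERBOSE or higher.

effective_loglevel() {
    # $1: sshd_config-style file. sshd keeps the first value it reads for a
    # keyword and defaults to INFO; only the global section (before the
    # first Match block) is considered here.
    awk '
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }   # comments, key=value form
        tolower($1) == "match"    { exit }
        tolower($1) == "loglevel" { print toupper($2); found = 1; exit }
        END { if (!found) print "INFO" }
    ' "$1"
}

logs_pubkey_failures() {
    # Exit status 0 when the level is VERBOSE or one of the DEBUG levels.
    case "$(effective_loglevel "$1")" in
        VERBOSE|DEBUG|DEBUG1|DEBUG2|DEBUG3) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample configs, written to a temporary directory.
tmp=$(mktemp -d)
printf '%s\n' 'Port 22' '#LogLevel VERBOSE' 'PubkeyAuthentication yes' > "$tmp/default.conf"
printf '%s\n' 'Port 22' 'loglevel verbose' 'LogLevel INFO' > "$tmp/verbose.conf"
printf '%s\n' 'LogLevel INFO' 'Match User backup' '  LogLevel VERBOSE' > "$tmp/match.conf"

# Check the samples plus any real config paths given as arguments.
for f in "$tmp"/*.conf "$@"; do
    if logs_pubkey_failures "$f"; then
        echo "$f: LogLevel $(effective_loglevel "$f"): failed public keys are logged"
    else
        echo "$f: LogLevel $(effective_loglevel "$f"): failed public keys are NOT logged"
    fi
done
```

A commented-out `#LogLevel VERBOSE` line, as in the first sample, leaves the default INFO in effect, which is the case where a fail2ban filter has nothing to match for rejected keys.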




[gentoo-user] ssh authkeys log invalid

2014-04-21 Thread thegeezer

Hi all,
i was looking up the gentoo wiki on fail2ban [1] to have it look at its
own log file fail2ban.log in order to block repeat offenders for longer
as abuse@offender doesn't really seem to help these days.

then i saw a warning saying fail2ban not blocking all requests which i
followed to github [2] which has a paste of his logfiles [3]

now this i commented at github saying it looks similar to something i
discovered when trying to setup authkeys on ssh - namely invalid keys
give you no log file entry saying "invalid keys"

can anyone tell me if they know how to make the log file entry show that
it was an invalid key?
i only know that it is this from my experience -- when i was using the wrong
key or auth keys file had wrong permission i had only similar entries in my 
logs.
i did try to find the answer myself at that time but was unable to.

thanks in advance!



[1] http://wiki.gentoo.org/wiki/Fail2ban
[2] https://github.com/fail2ban/fail2ban/issues/643
[3] http://bpaste.net/show/188261/