Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Mike Mestnik
On 03/01/12 21:16, Mike Mestnik wrote: > On 03/01/12 21:00, Bedwell, Jordon wrote: >> On Thu, Mar 1, 2012 at 8:18 PM, Mike Mestnik wrote: >>> On 03/01/12 18:57, Russell Coker wrote: On Fri, 2 Mar 2012, Jordon Bedwell wrote: >> Run the command below. >> >> grep "ssh:1.%.30s@%.128

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Mike Mestnik
On 03/01/12 21:00, Bedwell, Jordon wrote: > On Thu, Mar 1, 2012 at 8:18 PM, Mike Mestnik wrote: >> On 03/01/12 18:57, Russell Coker wrote: >>> On Fri, 2 Mar 2012, Jordon Bedwell wrote: > Run the command below. > > grep "ssh:1.%.30s@%.128s.s password:" /usr/sbin/sshd; echo $? > >>

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Bedwell, Jordon
On Thu, Mar 1, 2012 at 8:18 PM, Mike Mestnik wrote: > On 03/01/12 18:57, Russell Coker wrote: >> On Fri, 2 Mar 2012, Jordon Bedwell wrote: Run the command below.  grep "ssh:1.%.30s@%.128s.s password:" /usr/sbin/sshd; echo $? If you don't get 1 as output, your sshd is comp

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Russell Coker
On Fri, 2 Mar 2012, Mike Mestnik wrote: > > I'd like to have OpenSSH log the email address field from a key that was > > used for login so I could see something like "ssh key > > russ...@coker.com.au was used to login to account rjc" in my logs. > > > From what I know that information(the comment

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Mike Mestnik
On 03/01/12 18:57, Russell Coker wrote:
> On Fri, 2 Mar 2012, Jordon Bedwell wrote:
>>> Run the command below.
>>>
>>> grep "ssh:1.%.30s@%.128s.s password:" /usr/sbin/sshd; echo $?
>>>
>>> If you don't get 1 as output, your sshd is compromised.
>> It returned 1, this happens on freshly installed

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Mike Mestnik
On 03/01/12 18:23, Bedwell, Jordon wrote: > On Thu, Mar 1, 2012 at 3:16 PM, Mike Mestnik wrote: >> On 03/01/2012 02:51 PM, Aníbal Monsalve Salazar wrote: >>> On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote: >>> The problem is I cannot get sshd to log publickey denied errors to

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Russell Coker
On Fri, 2 Mar 2012, Jordon Bedwell wrote: > > Run the command below. > > > > grep "ssh:1.%.30s@%.128s.s password:" /usr/sbin/sshd; echo $? > > > > If you don't get 1 as output, your sshd is compromised. > > It returned 1, this happens on freshly installed Debian and Ubuntu too > though, tested

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Bedwell, Jordon
On Thu, Mar 1, 2012 at 3:16 PM, Mike Mestnik wrote: > On 03/01/2012 02:51 PM, Aníbal Monsalve Salazar wrote: >> >> On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote: >> >>> >>> The problem is I cannot get sshd to log publickey denied errors to >>> /var/log/auth.log so our daemons can

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Jordon Bedwell
2012/3/1 Aníbal Monsalve Salazar:
> On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote:
>>The problem is I cannot get sshd to log publickey denied errors to
>>/var/log/auth.log so our daemons can ban these users.  I want to know
>>what happened to messages like "publickey denied for [u

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Mike Mestnik
On 03/01/2012 02:51 PM, Aníbal Monsalve Salazar wrote: On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote: The problem is I cannot get sshd to log publickey denied errors to /var/log/auth.log so our daemons can ban these users. I want to know what happened to messages like "publ

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Aníbal Monsalve Salazar
On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote:
>The problem is I cannot get sshd to log publickey denied errors to
>/var/log/auth.log so our daemons can ban these users. I want to know
>what happened to messages like "publickey denied for [user] from [ip]"
>I cannot get it to log

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Jordon Bedwell
On Thu, Mar 1, 2012 at 6:31 AM, Taz wrote:
>>rsaauthentication no
> change this to yes

I'm at a loss, how is setting an option that does not even apply to us (since we use Protocol 2 and that option is moot for us anyways) going to fix a logging issue? Perhaps I need to be more explicit and I am

OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Jordon Bedwell
SSH Version: OpenSSH_5.5p1 Debian-6+squeeze1, OpenSSL 0.9.8o 01 Jun 2010

part of the config:

compression yes
maxauthtries 1
port 22
listenaddress 10.6.18.80
protocol 2
useprivilegeseparation yes
syslogfacility AUTH
loglevel VERBOSE
logingracetime 30
permitrootlogin yes
strictmodes yes
rsaauthentic