On 03/01/2012 02:51 PM, Aníbal Monsalve Salazar wrote:
On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote:
The problem is I cannot get sshd to log publickey denied errors to
/var/log/auth.log so our daemons can ban these users. I want to know
what happened to messages like "publickey denied for [user] from [ip]"
I cannot get it to log those messages at all no matter the logging
level.
The chroot dosn't have a socket to log to...
Have syslog listen on something like: /var/run/sshd/dev/log
Run the command below.
grep "ssh:1.%.30s@%.128s.s password:" /usr/sbin/sshd; echo $?
If you don't get 1 as output, your sshd is compromised.
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4f4fe73d.7020...@mikemestnik.net
