2012/3/1 Aníbal Monsalve Salazar <ani...@debian.org>: > On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote: >>The problem is I cannot get sshd to log publickey denied errors to >>/var/log/auth.log so our daemons can ban these users. I want to know >>what happened to messages like "publickey denied for [user] from [ip]" >>I cannot get it to log those messages at all no matter the logging >>level. > > Run the command below. > > grep "ssh:1.%.30s@%.128s.s password:" /usr/sbin/sshd; echo $? > > If you don't get 1 as output, your sshd is compromised.
It returned 1, this happens on freshly installed Debian and Ubuntu too though, tested it on Ubuntu too. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAN5oe=2yqynmr5m7xohrzuto_xsfiqrpvbb+xnkbiyghvnd...@mail.gmail.com
