Login failures usefulness with OpenSSH 6.1

Jason Hellenthal jhellenthal at dataix.net
Mon May 6 00:14:53 UTC 2013


Hello everyone,

It seems that the login failures reported by the security output of a nightly periodic job has become somewhat useless per OpenSSH 6.1.

I used to get username and IP address in the output but it seems that the logging format has changed. Instead of one line the log format now has two lines. One like the ones below and then another coinciding line that contains IP address and username.

I think it would be more beneficial outputting the lines with the ip and username over the ones below for the security output.

Not sure exactly when this changed but would like to gather some input before I inspect further on the changes that would have to be made.

My output is from SVN FreeBSD STABLE 8.3 as of yesterday.


Thanks & Clean Regards,

...Sample output...

login failures:
May  4 00:04:35 disbatch sshd[48898]: fatal: Write failed: Operation not permitted
May  4 14:54:14 disbatch sshd[9544]: input_userauth_request: invalid user root [preauth]
May  4 18:44:04 disbatch sshd[18326]: fatal: Read from socket failed: Connection reset by peer [preauth]

-- 
 Jason Hellenthal
 JJH48-ARIN
 -(2^(N-1))



More information about the freebsd-stable mailing list