LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
LinkBack Search this Thread
Old 10-08-2012, 05:39 AM   #1
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,435
Blog Entries: 11

Rep: Reputation: 181Reputation: 181
sshd maxauthtries set to one changes log behaviour


Hi folks,

I was playing around with sshd and the maxauthtries option. Tailing the log of auth.log I came upon an oddity. If one logs in with not setting of MaxAuthTries (defaults to 3) I get the following log lines:
Code:
Oct  8 11:45:08 h1211164 sshd[32724]: Accepted password for user from i.p.a.d.r port 53251 ssh2
Oct  8 11:45:08 h1211164 sshd[32724]: pam_unix(sshd:session): session opened for user user by (uid=0)
When I set a value for MaxAuthTries I get the same log lines _but_ when setting it to 1 I get following stuff
Code:
Oct  8 11:45:36 h1211164 sshd[32750]: Failed none for user from i.p.a.d.r port 53252 ssh2
Oct  8 11:45:40 h1211164 sshd[32750]: Accepted password for user from i.p.a.d.r port 53252 ssh2
Oct  8 11:45:40 h1211164 sshd[32750]: pam_unix(sshd:session): session opened for user user by (uid=0)
So we have one more line saying "Failed none for user". As I found out this is normal behavior cause ssh checks with an empty password what kind of authentication method are allowed.

What I really wonder about is why setting a certain value to a certain option changes the logging behavior of sshd?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to have a log for sshd? xpucto Linux - Networking 4 06-03-2008 04:37 AM
Starting sshd: /etc/init.d/sshd: line 113: /usr/sbin/sshd: Permission denied sumanc Linux - Server 5 03-28-2008 04:59 AM
Log all sshd attempts hbar Debian 2 01-29-2008 03:53 PM
SSHD log? itz2000 Linux - Security 6 11-15-2005 08:39 AM
sshd log -am I in trouble? c_mitulescu Linux - Security 2 12-13-2004 05:27 PM


All times are GMT -5. The time now is 11:01 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration