LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   sshd maxauthtries set to one changes log behaviour (https://www.linuxquestions.org/questions/linux-software-2/sshd-maxauthtries-set-to-one-changes-log-behaviour-4175431087/)

zhjim 10-08-2012 05:39 AM
sshd maxauthtries set to one changes log behaviour
 
Hi folks,

I was playing around with sshd and the maxauthtries option. Tailing the log of auth.log I came upon an oddity. If one logs in with not setting of MaxAuthTries (defaults to 3) I get the following log lines:
Code:
Oct  8 11:45:08 h1211164 sshd[32724]: Accepted password for user from i.p.a.d.r port 53251 ssh2
Oct  8 11:45:08 h1211164 sshd[32724]: pam_unix(sshd:session): session opened for user user by (uid=0)
When I set a value for MaxAuthTries I get the same log lines _but_ when setting it to 1 I get following stuff
Code:
Oct  8 11:45:36 h1211164 sshd[32750]: Failed none for user from i.p.a.d.r port 53252 ssh2
Oct  8 11:45:40 h1211164 sshd[32750]: Accepted password for user from i.p.a.d.r port 53252 ssh2
Oct  8 11:45:40 h1211164 sshd[32750]: pam_unix(sshd:session): session opened for user user by (uid=0)
So we have one more line saying "Failed none for user". As I found out this is normal behavior cause ssh checks with an empty password what kind of authentication method are allowed.

What I really wonder about is why setting a certain value to a certain option changes the logging behavior of sshd?


All times are GMT -5. The time now is 10:11 AM.