[Secure-testing-team] Bug#626112: openssh-server: ssh doesn't log some failed authentications to auth.log anymore
Christoph Anton Mitterer
calestyo at scientia.net
Sun May 8 22:15:19 UTC 2011
Package: openssh-server
Version: 1:5.8p1-4
Severity: grave
Tags: security
Justification: user security hole
Hi.
For *some* failed connections ssh seems to put no logging into auth.log anymore.
This can be quite security relevant when using e.g. fail2ban which relies on this.
Only some (types?) of connections seem to be affected, as I still see few IPs
that get banned by fail2ban.
But when I e.g. go to another host of mine, and try repeatedly to log in, they don't
get banned (as nothing appears in the logs).
I tried both, hosts where a ~/.ssh/id_rsa* was in place and not.
Attached is my sshd's configuration. Please ask for more information if you need any.
Cheers,
Chris.
-- debconf information:
ssh/vulnerable_host_keys:
ssh/new_config: true
* ssh/use_old_init_script: true
ssh/disable_cr_auth: false
ssh/encrypted_host_key_but_no_keygen:
-------------- next part --------------
ListenAddress lo.localhost
ListenAddress lo.ip6-localhost
ListenAddress localhost.localhost
ListenAddress eth0.localhost
#ListenAddress eth0.ip6-localhost
AllowUsers root
#PermitRootLogin no
ChallengeResponseAuthentication no
PasswordAuthentication no
RSAAuthentication no
Protocol 2
Ciphers aes256-cbc,aes192-cbc,aes128-cbc,aes256-ctr,aes192-ctr,aes128-ctr,blowfish-cbc
MACs hmac-sha1,hmac-ripemd160
ClientAliveInterval 30
TCPKeepAlive no
AcceptEnv LANG LC_*
X11Forwarding yes
Subsystem sftp /usr/lib/openssh/sftp-server