SSHd not logging Failed publickey attempts
On Debian Squeeze I have sshd set up to not permit password logins and require key based authentication.
I notice that when I attempt to log in from the WAN into my box with a bad SSH key, I do not get the "Failed publickey...." message in auth.log. I only get "Connection from...." logged and that's it.
When I log in from within my LAN to my box with a bad key, I do get "Failed publickey...." logged. I want to be able to log all failed publickey attempts to SSH.
Does anyone have any advice as to why it's not logging failed keys from the WAN?
Solution 1:
I generally recommend increasing the default logging for sshd. The default loglevel is INFO, which gives you some minimal levels of information, but certainly not all. I recommend cranking that up to VERBOSE which will give you such events as the fingerprint of the key used for authentication, a log message when the user logs off, and should contain the failures that you're interested in.
Edit your /etc/ssh/sshd_config and find the setting for LogLevel. Change that such that it is
LogLevel VERBOSE
Then restart the sshd service.
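The edit described in Solution 1, as an added shell example that is not part of the original answer. The helper name set_sshd_loglevel is hypothetical. It relies on two sshd_config behaviours: the first value found for a keyword is the one used, and a line placed after a Match line belongs to that Match block, so the global directive has to sit above the first Match.

```shell
#!/bin/sh
# Added example (not from the original answer).
# set_sshd_loglevel FILE [LEVEL]  -- hypothetical helper name.
# Rewrites the first active LogLevel directive in FILE, or inserts one
# above the first Match block (or at end of file when there is none).
set_sshd_loglevel() {
    conf=$1
    level=${2:-VERBOSE}
    tmp=$(mktemp) || return 1

    awk -v level="$level" '
        { l = tolower($0) }    # sshd_config keywords are case-insensitive

        # First uncommented LogLevel line: replace it. sshd keeps the
        # first value it reads, so this is the line that takes effect.
        !done && l ~ /^[ \t]*loglevel([ \t=]|$)/ {
            print "LogLevel " level; done = 1; next
        }

        # Reached a Match block without seeing LogLevel: insert the
        # directive before it so it stays in the global section.
        !done && l ~ /^[ \t]*match[ \t]/ {
            print "LogLevel " level; done = 1
        }

        { print }

        END { if (!done) print "LogLevel " level }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Write back through the existing file to keep its owner and mode.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Typical use on the server, as root (paths from the answer above):
#   cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
#   set_sshd_loglevel /etc/ssh/sshd_config VERBOSE
#   sshd -t          # syntax check; restart sshd only if this succeeds
```

Keep an existing SSH session open while restarting sshd so a bad configuration can still be rolled back from the backup copy.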