sshd logging attempts to login without a private key

ssh security authentication logging

Solution 1:

The answer to your question is No. At least, not without taking heroic measures (e.g., running DEBUG level and processing it with scripts) that are much harder than some sensible alternatives. That same [preauth] error is reported for no key or an invalid key.

On the other hand, if they actually connect, your log will say explicitly

Jul  7 15:59:38 ws6 sshd[9578]: Accepted password for robohacker...

or

Jul  7 15:59:38 ws6 sshd[9578]: Accepted publickey for robohacker...

What you can usefully do is further harden your config. You've already required a key, you can also use the AllowUsers and AllowGroups commands to prevent connection by anyone not specifically authorized.

Personally, I always install DenyHosts, although it doesn't appear to have recent updates. I've heard that Fail2Ban is also good

Solution 2:

You can use a "cheat" - in your /etc/pam.d/ssh(d) in the auth section you can add a log statement (pam_log) before the pam_unix or @include common-auth statements. If this statement is hit, then a password authentication has been attempted.

Related

ElasticSearch Server Randomly Stops Working
SPDY & Nginx upload issues
Getting IOPS of the processes on Linux
Memcached keeps increasing cpu ussage
Redis connection issue
Understanding the Apache server-status page [duplicate]
Best practice for printer ACLs
Closed-form of $\int\limits_0^1\left(\frac{\left(x^2+1\right)\arcsin(x)}{\sqrt{1-x^2}}+2x\ln\left(x^2+1\right)\right)\frac{\ln x}{x^3+x}\,dx$
How to solve an exponential and logarithmic system of equations?
Intermediate digits of 34! [duplicate]
The last (and the weirdest) problem from Chen`s "Brief Introduction to Olympiad Inequalities"
Given a 95% confidence interval why are we using 1.96 and not 1.64?