Bug 3457

Summary: Not logging login attempts until half of max lets bots try many times
Product: Portable OpenSSH
Reporter: ThellraAK
Component: sshd
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WORKSFORME
Severity: security
CC: djm
Priority: P5
Version: 8.9p1
Hardware: amd64
OS: Linux

Description ThellraAK 2022-07-06 17:16:08 AEST
    cat auth.log | grep 46.101.X.Y | grep "preauth" | wc -l
    554

554 failed [preauth] from just today

For 46.101.X.Y number, fail2ban didn't even notice them

    :/var/log# cat fail2ban.log | grep 46.101.X.Y

Comes back with nothing.

I think this is caused by MaxAuthTries defaulting to 6, and only logging after 3 failures, which seems to let an unlimited amount of attempts without logging any failures.
Comment 1 Damien Miller 2022-07-06 17:35:10 AEST
Set Loglevel=verbose in sshd_config and you will see all attempts.
Comment 2 Damien Miller 2022-10-04 21:59:24 AEDT
Closing bugs from openssh-9.1 release cycle
Comment 3 Damien Miller 2023-03-17 13:37:03 AEDT
OpenSSH 9.3 has been released. Close resolved bugs
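
An added example, not part of the original bug thread and not OpenSSH or fail2ban code: a per-source tally that separates `[preauth]` lines from explicit failure lines, the comparison the reporter was making by hand with `grep`. The sample log lines, both regexes and the `min_preauth` threshold are constructed assumptions, including the assumption that a log watcher keys only on explicit failure messages.

```python
import re
from collections import defaultdict

# Constructed sample auth.log lines (203.0.113.0/24 is a documentation range).
SAMPLE_LOG = """\
Jul  6 10:00:01 host sshd[1201]: Connection closed by 203.0.113.5 port 40000 [preauth]
Jul  6 10:00:02 host sshd[1202]: Connection closed by authenticating user root 203.0.113.5 port 40002 [preauth]
Jul  6 10:00:03 host sshd[1203]: Disconnected from authenticating user root 203.0.113.5 port 40004 [preauth]
Jul  6 10:00:04 host sshd[1204]: Failed password for root from 203.0.113.9 port 41000 ssh2
Jul  6 10:00:05 host sshd[1204]: Connection closed by authenticating user root 203.0.113.9 port 41000 [preauth]
Jul  6 10:00:06 host sshd[1205]: Invalid user admin from 203.0.113.9 port 41002
Jul  6 10:00:07 host sshd[1206]: Accepted publickey for alice from 203.0.113.20 port 42000 ssh2
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Explicit failure messages (assumption: what a failure-based watcher matches).
FAILURE = re.compile(r"sshd\[\d+\]: (?:Failed \S+ for .* from|Invalid user .* from) " + IP)
# Any line tagged [preauth]: the connection ended before authentication completed.
PREAUTH = re.compile(r"sshd\[\d+\]: .*?\b" + IP + r" port \d+.*\[preauth\]")


def tally(log_text):
    """Count [preauth] lines and explicit failure lines per source address."""
    counts = defaultdict(lambda: {"preauth": 0, "failure": 0})
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if m:
            counts[m.group(1)]["failure"] += 1
        m = PREAUTH.search(line)
        if m:
            counts[m.group(1)]["preauth"] += 1
    return dict(counts)


def silent_sources(counts, min_preauth=3):
    """Sources with many [preauth] lines but no explicit failure line."""
    return sorted(ip for ip, c in counts.items()
                  if c["preauth"] >= min_preauth and c["failure"] == 0)


if __name__ == "__main__":
    result = tally(SAMPLE_LOG)
    for ip, c in sorted(result.items()):
        print(ip, c)
    print("preauth-only sources:", silent_sources(result))
```

Running the same tally before and after raising the log level suggested in Comment 1 shows whether a source moves out of the preauth-only list.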