Bug 3457 - Not logging login attempts until half of max lets bots try many times
Summary: Not logging login attempts until half of max lets bots try many times
Status: CLOSED WORKSFORME
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: 8.9p1
Hardware: amd64 Linux
: P5 security
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-07-06 17:16 AEST by ThellraAK
Modified: 2023-03-17 13:37 AEDT (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description ThellraAK 2022-07-06 17:16:08 AEST 
cat auth.log | grep 46.101.X.Y | grep "preauth" | wc -l
    554

554 failed [preauth] from just today

For 46.101.X.Y number, fail2ban didn't even notice them

    :/var/log# cat fail2ban.log | grep 46.101.X.Y

Comes back with nothing.

I think this is caused by MaxAuthTries defaulting to 6, and only logging after 3 failures, which seems to let an unlimited amount of attempts without logging any failures.
Comment 1 Damien Miller 2022-07-06 17:35:10 AEST 
Set Loglevel=verbose in sshd_config and you will see all attempts.
Comment 2 Damien Miller 2022-10-04 21:59:24 AEDT 
Closing bugs from openssh-9.1 release cycle
Comment 3 Damien Miller 2023-03-17 13:37:03 AEDT 
OpenSSH 9.3 has been released. Close resolved bugs