Bug 432 - AIX does not log login attempts for unknown users
Summary: AIX does not log login attempts for unknown users
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: -current
Hardware: PPC AIX
: P2 normal
Assignee: OpenSSH Bugzilla mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-11-08 11:48 AEDT by Darren Tucker
Modified: 2004-04-14 12:24 AEST (History)
0 users

See Also:


Attachments
Call loginfailed() on AIX for unknown usernames (542 bytes, patch)
2002-11-08 11:50 AEDT, Darren Tucker
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Darren Tucker 2002-11-08 11:48:46 AEDT
A login attempt by an unknown user (eg via telnet) normally gets logged as:

syslog: pts/4: failed login attempt for UNKNOWN_USER from my.host.com

This is generated by a call to loginfailed(), which substitutes UNKNOWN_HOST for 
the username if it doesn't exist.

AIX never finds out about it because getpwnamallow returns as soon as it finds 
no passwd entry. Following patch calls loginfailed before returning. It 
generates:

syslog: ssh: failed login attempt for UNKNOWN_USER from my.host.com
Comment 1 Darren Tucker 2002-11-08 11:50:41 AEDT
Created attachment 176 [details]
Call loginfailed() on AIX for unknown usernames
Comment 2 Ben Lindstrom 2002-11-10 03:12:13 AEDT
Applied, Thanks to --current
Comment 3 Damien Miller 2004-04-14 12:24:18 AEST
Mass change of RESOLVED bugs to CLOSED