From 980b0df8296cdec3692482c3efdbfa68036a1114 Mon Sep 17 00:00:00 2001 From: zeripath <art27@cantab.net> Date: Tue, 15 Dec 2020 08:45:13 +0000 Subject: Standardise logging of failed authentication attempts in internal SSH (#13962) Continuing on from #13953 continue to improve and standardise logging from internal SSH. Also updates the fail2ban setup Signed-off-by: Andrew Thornton <art27@cantab.net> --- docs/content/doc/usage/fail2ban-setup.en-us.md | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'docs/content/doc/usage') diff --git a/docs/content/doc/usage/fail2ban-setup.en-us.md b/docs/content/doc/usage/fail2ban-setup.en-us.md index 5c5bdb9a28..790d4c020b 100644 --- a/docs/content/doc/usage/fail2ban-setup.en-us.md +++ b/docs/content/doc/usage/fail2ban-setup.en-us.md @@ -25,9 +25,27 @@ on a bad authentication from the web or CLI using SSH or HTTP respectively: ```log 2018/04/26 18:15:54 [I] Failed authentication attempt for user from xxx.xxx.xxx.xxx ``` + +```log +2020/10/15 16:05:09 modules/ssh/ssh.go:143:publicKeyHandler() [W] Failed authentication attempt from xxx.xxx.xxx.xxx +``` + +```log +2020/10/15 16:05:09 modules/ssh/ssh.go:155:publicKeyHandler() [W] Failed authentication attempt from xxx.xxx.xxx.xxx +``` + ```log -2020/10/15 16:05:09 modules/ssh/ssh.go:188:publicKeyHandler() [E] SearchPublicKeyByContent: public key does not exist [id: 0] Failed authentication attempt from xxx.xxx.xxx.xxx +2020/10/15 16:05:09 modules/ssh/ssh.go:198:publicKeyHandler() [W] Failed authentication attempt from xxx.xxx.xxx.xxx ``` + +```log +2020/10/15 16:05:09 modules/ssh/ssh.go:213:publicKeyHandler() [W] Failed authentication attempt from xxx.xxx.xxx.xxx +``` + +```log +2020/10/15 16:05:09 modules/ssh/ssh.go:227:publicKeyHandler() [W] Failed authentication attempt from xxx.xxx.xxx.xxx +``` + ```log 2020/10/15 16:08:44 ...s/context/context.go:204:HandleText() [E] invalid credentials from xxx.xxx.xxx.xxx ``` -- cgit v1.2.3