<snip> with more and more bruteforce toys being available online I do wonder if this kind of thing really ought to be at a higher volume to alert that unknown keys are being used on systems. with lost/stolen keys I would imagine most people would delete and recreate rather than making use of RevokedKeys, and so not know if folks are silently trying to connect to their hosts. I do appreciate though that many machines will try their public keys first and thus possibly create unnecessary noise in logs. </snip>

Reproducible: Always

Steps to Reproduce:
1. emerge openssh
2. configure for public key
3. use wrong identity
4. see connection but not failure in log

Actual Results:
sshd syslog shows connection but not failure

Expected Results:
sshd logs "failed public key for user root" or "public key not found"

can this be made a gentoo specific patch while waiting for upstream
maybe if not a patch a warning on emerge openssh that you must have loglevel verbose as a minimum if you intend to use publickeys to catch bad guys
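Added example, not part of this bug thread: assuming sshd runs with LogLevel VERBOSE (so that unsuccessful key attempts produce "Failed publickey" lines at all), a small parser over constructed syslog lines that counts failed public-key attempts per source address, which is the kind of check the reporter wants to be able to run.

```python
import re
from collections import Counter

# Constructed sample sshd syslog lines (not taken from the bug report).
# "Failed publickey" lines are only written at LogLevel VERBOSE; at the
# default INFO level a wrong key leaves just the Connection lines.
SAMPLE_LOG = """\
Mar  3 10:01:12 gw sshd[4021]: Connection from 192.0.2.5 port 51000
Mar  3 10:01:12 gw sshd[4021]: Failed publickey for root from 192.0.2.5 port 51000 ssh2
Mar  3 10:01:13 gw sshd[4021]: Failed publickey for root from 192.0.2.5 port 51000 ssh2
Mar  3 10:01:13 gw sshd[4021]: Connection closed by 192.0.2.5
Mar  3 10:02:40 gw sshd[4030]: Accepted publickey for alice from 198.51.100.7 port 40222 ssh2
Mar  3 10:05:02 gw sshd[4044]: Failed publickey for admin from 192.0.2.5 port 51010 ssh2
Mar  3 10:05:03 gw sshd[4044]: Failed password for invalid user admin from 192.0.2.5 port 51010 ssh2
"""

# Matches both Accepted/Failed lines, with or without the "invalid user" prefix.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse_auth_events(log_text):
    """Yield (result, method, user, src) for every sshd auth line in log_text."""
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            yield m.group("result"), m.group("method"), m.group("user"), m.group("src")

def failed_publickey_by_source(log_text, threshold=2):
    """Return {src: (count, sorted users)} for sources with >= threshold failed key attempts."""
    counts = Counter()
    users = {}
    for result, method, user, src in parse_auth_events(log_text):
        if result == "Failed" and method == "publickey":
            counts[src] += 1
            users.setdefault(src, set()).add(user)
    return {src: (n, sorted(users[src])) for src, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for src, (n, names) in failed_publickey_by_source(SAMPLE_LOG).items():
        print(f"{src}: {n} failed publickey attempts for {', '.join(names)}")
```

Running it on the sample prints the one source that tried unknown keys against two accounts; on a host left at LogLevel INFO the same loop would report nothing, which is the gap this bug is about.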
i don't think we want to turn up the log level to verbose by default, and i don't really want to maintain a patch for this, so elog is about the only thing we'd add at this point in time
requests for changes to the default logging behavior should go here: https://bugzilla.mindrot.org/