show more details in failed attempts in the syslog

Ming-Ching Tiew mingching.tiew at redtone.com
Tue Oct 28 19:06:16 WST 2008


I am wondering if it makes sense to put failed 
attempts to login into the syslog including the
information like user and password ?

Right now it only logs information that there 
is a failed attempt when there is invalid user. 

The motivation for writing these information into
syslog is to figure out if there is an auditable trail
of the brute force attempts ( example dictionary attack )
or just the user forgot the password.

I supposed the downside this scheme is that 
whoever got hold of read access to the log 
will know what is considered invalid attempts ?

Any comments ?



More information about the Dropbear mailing list