Package: ssh
Severity: normal

If attackers attempt to log in using invalid users/passwords then sshd adds a line to that effect to the log. But if they are using public keys that are not allowed then nothing is added.
This means that if a system is still allowing "vulnerable" keys then an attacker can brute-force a login by trying all such in turn, and the sysadmin will never notice this even if they review their logs. Packages like fail2ban and denyhosts rely on the log file containing details of unsuccessful login attempts.

#75043 is related.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.29-xen
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
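
The blind spot described in this report, as an added example that is not part of the original message: a fail2ban-style counter run over constructed auth.log lines. The log lines are constructed, and the appearance of `Failed publickey` lines at `LogLevel VERBOSE` is an assumption about sshd's behaviour that the report does not state.

```python
import re
from collections import Counter

# Constructed sample lines modelled on sshd's usual wording (not from the report).
# 203.0.113.5 guesses passwords; 198.51.100.9 tries a series of public keys.
INFO_LOG = """\
Jun  1 10:00:01 host sshd[311]: Failed password for invalid user admin from 203.0.113.5 port 4001 ssh2
Jun  1 10:00:03 host sshd[311]: Failed password for root from 203.0.113.5 port 4001 ssh2
Jun  1 10:00:05 host sshd[312]: Failed password for root from 203.0.113.5 port 4002 ssh2
Jun  1 10:01:00 host sshd[320]: Accepted publickey for alice from 192.0.2.10 port 5000 ssh2
"""

# Assumed extra lines the same key-guessing session would add at LogLevel VERBOSE.
VERBOSE_EXTRA = """\
Jun  1 10:02:01 host sshd[330]: Failed publickey for root from 198.51.100.9 port 6001 ssh2
Jun  1 10:02:01 host sshd[330]: Failed publickey for root from 198.51.100.9 port 6001 ssh2
Jun  1 10:02:02 host sshd[331]: Failed publickey for root from 198.51.100.9 port 6002 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def failures_by_source(log_text, methods=("password",)):
    """Count failed logins per source IP for the given auth methods."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m and m.group("method") in methods:
            counts[m.group("ip")] += 1
    return counts

def sources_over_threshold(log_text, threshold=3, methods=("password",)):
    """Return the sorted IPs a fail2ban-style rule would ban."""
    counts = failures_by_source(log_text, methods)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    both = ("password", "publickey")
    # With only the default-level lines, the key-guessing source never appears.
    print("INFO log:", sources_over_threshold(INFO_LOG, methods=both))
    print("VERBOSE log:", sources_over_threshold(INFO_LOG + VERBOSE_EXTRA, methods=both))
```

A log-watching tool can only count what sshd writes: the key-guessing source is flagged only when the failed-publickey lines exist and the rule matches them.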