Fix /var/log/auth.log Not Logging Failed SSH Attempts

authenticationloggingssh

I'm trying to go failed (either incorrect username, password, or both) on my server.

I changed /etc/ssh/sshd_config from

# Logging
SyslogFacility AUTH 
LogLevel INFO

# Logging
SyslogFacility AUTH 
LogLevel VERBOSE

and have since tried multiple ssh attempts with both existing and non-exisiting users with random passwords thus failing. When checking /var/log/auth.log nothing appears and it is entirely blank.

What am I missing? Does some other process need to also be install and running on my system? I'm running Ubuntu.

Any help or guidance on this matter is more than welcome.

Thanks

Best Answer

The LogLevel generally (apparently application dependent) refers to one of the defined severity levels supported by the system logging process (syslog). So change it back and restart the sshd server.

Now if you are not getting the output, you need to look at the system /etc/syslog.conf and see what MINIMUM loglevel the AUTH type of requests are being logged and to what file. The errors might be going to a different log file. OR you might not be logging these errors due to the syslog.conf configuration for the AUTH service. For more information consult the man pages on and syslog.conf.

Related Solutions

Linux – Debian: logging of SSH failed login attempts

You can (by default) check for these failures in /var/log/auth.log

Ubuntu SSH Login – Permission Denied, Please Try Again

Are you certain that the user account you're attempting to access is correctly configured? If you log in as root on the system, can you su to the user account?

# su - username

What do you see in your logs after a failed connection attempt? On many systems, sshd will log to something /var/log/secure or /var/log/auth.log. Also, I note that you have PasswordAuthentication enabled but ChallengeResponseAuthentication disabled. Do you see the same behavior if you enable ChallengeResponseAuthentication?

Here are some general diagnostic steps to use when you have ssh problems:

Enable verbose diagnostics in ssh:
```
ssh -v host.example.com
```
This will cause the client to output a variety of diagnostic messages as it negotiates the connection. This will often provide a clue to the problem.
Run the server in debug mode.

On your server, stop sshd, then run it from the command line like this:
```
/usr/sbin/sshd -d
```
This will produce verbose debug logging on stderr that will very often contain useful information.

If neither of these helps you figure out what's going on, would you add the output to your question?

Best Answer

Related Solutions

Linux – Debian: logging of SSH failed login attempts

Ubuntu SSH Login – Permission Denied, Please Try Again

Related Topic