
Is there a way to catch an OpenSSH key-based authentication failure? I am looking for an option where some custom error handling, like alarms, can be raised whenever SSH key-based authentication fails for a certain user.

I know that the key-based authentication is done by OpenSSH; I wanted to know if there is any option wherein I can plug in my error handling/reporting code, which will be called when the authentication fails.

Any pointers on how this can be done? Is there any way for this failure to be caught by some application process?

  • You need to give a lot more context. What language and library are you using? [Post your current code](/help/mcve). Are you even talking about an SSH client, rather than an SSH server (in which case, what does this have to do with programming?)? – Gilles 'SO- stop being evil' Dec 20 '16 at 12:41
  • The context is that I have a requirement where I need to do some proprietary error handling when SSH access fails for a user who is supposed to use only key-based authentication. Now I am looking for a design idea on how to plug in my proprietary error handling/reporting when the authentication fails. – Nagarjuna Reddy Dec 20 '16 at 16:26
  • You still aren't even saying whether you're looking at the server or the client. You need to give a lot more context. – Gilles 'SO- stop being evil' Dec 20 '16 at 17:48
  • Configure `sshd` to only accept key-based authentication. Then, by definition, any authentication failure from `sshd` logged through your normal syslog channels will be a 'key-based authentication failure'. – twalberg Dec 20 '16 at 18:52
  • The requirement is to do some proprietary error reporting upon the authentication failure. I have a piece of code which needs to be called when the key-based authentication failure is seen. – Nagarjuna Reddy Dec 21 '16 at 04:54

1 Answer

No. OpenSSH does not support any way to plug in your error handling. But the failed login attempts are recorded in the error log or in the audit log (on RHEL/Fedora), where you can simply differentiate the user and authentication type and react accordingly.

This is very similar to the way fail2ban does it (it reads error logs). But I don't know what you are trying to achieve. Failed publickey authentication is quite common (most clients send public key tests to all servers they are trying to access, and therefore you can see a lot of these events).

Jakuje
  • Thanks, yes fail2ban is working this way. We have a strange internal requirement which requires such a solution for some specific users. – Nagarjuna Reddy Dec 22 '16 at 06:54
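As an added example (not code from the answer, the asker, or OpenSSH), this is the log-driven approach the answer describes, in Python: parse sshd's `Failed publickey for ...` lines, keep only the watched users, and hand each event to a caller-supplied handler, with an optional per-(user, source IP) threshold to filter the routine key-probe noise the answer mentions. The log lines are constructed; one caveat for deployment is that sshd logs failed publickey attempts for valid users at `LogLevel VERBOSE`, so at the default `INFO` level they appear only once the failure count reaches half of `MaxAuthTries` or the user is invalid.

```python
import re
from typing import Callable, Dict, List, Optional, Set, Tuple

# OpenSSH's failure line: "sshd[PID]: Failed METHOD for [invalid user ]USER from IP port PORT ssh2..."
FAILED_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Failed (?P<method>\S+) for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+) ssh2"
)

def parse_failure(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of an sshd authentication failure line, or None."""
    m = FAILED_RE.search(line)
    if not m:
        return None
    fields: Dict[str, object] = m.groupdict()
    fields["invalid_user"] = fields.pop("invalid") is not None
    return fields

def watch(lines: List[str], watched_users: Set[str],
          handler: Callable[[dict], None], threshold: int = 1) -> List[dict]:
    """Call handler for each publickey failure of a watched user once that
    (user, source IP) pair has failed `threshold` times; return those events."""
    counts: Dict[Tuple[str, str], int] = {}
    fired: List[dict] = []
    for line in lines:
        ev = parse_failure(line)
        if not ev or ev["method"] != "publickey" or ev["user"] not in watched_users:
            continue  # not an sshd failure, not key-based, or not a user we care about
        key = (ev["user"], ev["ip"])
        counts[key] = counts.get(key, 0) + 1
        if counts[key] >= threshold:
            handler(ev)
            fired.append(ev)
    return fired

# Constructed syslog lines in OpenSSH's format; hosts, users and fingerprints are made up.
SAMPLE_LOG = [
    "Dec 22 06:54:01 host sshd[2301]: Failed publickey for alice from 203.0.113.7 port 51514 ssh2: RSA SHA256:constructedFp1",
    "Dec 22 06:54:03 host sshd[2302]: Failed password for root from 198.51.100.9 port 40022 ssh2",
    "Dec 22 06:54:05 host sshd[2303]: Failed publickey for invalid user bob from 203.0.113.8 port 51520 ssh2: ED25519 SHA256:constructedFp2",
    "Dec 22 06:54:07 host sshd[2304]: Accepted publickey for alice from 203.0.113.7 port 51530 ssh2: RSA SHA256:constructedFp1",
    "Dec 22 06:54:09 host sshd[2305]: Failed publickey for svc-backup from 192.0.2.44 port 33000 ssh2: RSA SHA256:constructedFp3",
    "Dec 22 06:54:11 host sshd[2306]: Failed publickey for alice from 203.0.113.7 port 51540 ssh2: RSA SHA256:constructedFp1",
]

if __name__ == "__main__":
    # The lambda stands in for the asker's proprietary reporting code.
    watch(SAMPLE_LOG, {"alice", "svc-backup"},
          lambda ev: print(f"ALARM: publickey failure for {ev['user']} from {ev['ip']}"))
```

In production the same `watch` loop would be fed from the live log (for example `journalctl -f -u sshd` or a tail of `/var/log/secure`) instead of the constructed list.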