From owner-freebsd-security Sat Jun 28 06:58:50 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id GAA20400 for security-outgoing; Sat, 28 Jun 1997 06:58:50 -0700 (PDT) Received: from shadows.aeon.net (bsdsec@shadows.aeon.net [194.100.41.1]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id GAA20394 for ; Sat, 28 Jun 1997 06:58:46 -0700 (PDT) Received: (from bsdsec@localhost) by shadows.aeon.net (8.8.5/8.8.3) id QAA24251; Sat, 28 Jun 1997 16:58:18 +0300 (EET DST) From: mika ruohotie Message-Id: <199706281358.QAA24251@shadows.aeon.net> Subject: Re: SSHD from Inetd In-Reply-To: <19970627100539.54789@darkwing.pacific.net.sg> from Ng Pheng Siong at "Jun 27, 97 10:05:39 am" To: ngps@pacific.net.sg (Ng Pheng Siong) Date: Sat, 28 Jun 1997 16:58:18 +0300 (EET DST) Cc: james@nexis.net, freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL31 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > > > Denied connections were logged, allowed ones weren't, IIRC. > > > Not good enough for me, so I'm running sshd out of inetd. > Well, as a matter of taste I prefer to keep all the access control stuff > in one file, and I've always used the extended language option for > tcpwrappers. hmm... pardon me if i'm not really understanding what you want to do... my out from the box sshd logs the incoming connections well, all i did was add line to /etc/syslog.conf auth.* goes to it's own file auth.all (and is rotated once a month) sample output from sshd: Jun 28 16:49:07 shadows sshd[24172]: log: Connection from 194.111.220.20 port 1019 Jun 28 16:49:18 shadows sshd[24172]: debug: Client protocol version 1.5; client software version 1.2.20 Jun 28 16:49:18 shadows sshd[24172]: debug: Sent 768 bit public key and 1024 bit host key. Jun 28 16:49:18 shadows sshd[24172]: debug: Encryption type: idea Jun 28 16:49:18 shadows sshd[24172]: debug: Received session key; encryption turned on. Jun 28 16:49:18 shadows sshd[24172]: debug: Attempting authentication for soap. Jun 28 16:49:18 shadows sshd[24172]: debug: Trying rhosts with RSA host authentication for soap Jun 28 16:49:18 shadows sshd[24172]: debug: RhostsRSA authentication failed for 'soap', remote 'soap', host 'beasty-boys.supsys.fi'. Jun 28 16:49:23 shadows sshd[24172]: debug: Password authentication for soap failed. Jun 28 16:49:23 shadows sshd[24172]: fatal: Connection closed by remote host. Jun 28 16:49:23 shadows sshd[24172]: debug: Calling cleanup 0x104c0(0x0) Jun 28 16:49:25 shadows sshd[24174]: log: Connection from 194.111.220.20 port 1018 Jun 28 16:49:25 shadows sshd[24171]: debug: Forked child 24174. Jun 28 16:49:25 shadows sshd[24174]: debug: Client protocol version 1.5; client software version 1.2.19 Jun 28 16:49:25 shadows sshd[24174]: debug: Sent 768 bit public key and 1024 bit host key. Jun 28 16:49:25 shadows sshd[24174]: debug: Encryption type: idea Jun 28 16:49:26 shadows sshd[24174]: debug: Received session key; encryption turned on. Jun 28 16:49:26 shadows sshd[24174]: debug: Attempting authentication for soap. Jun 28 16:49:26 shadows sshd[24174]: debug: Trying rhosts with RSA host authentication for soap Jun 28 16:49:26 shadows sshd[24174]: debug: RhostsRSA authentication failed for 'soap', remote 'soap', host 'beasty-boys.supsys.fi'. Jun 28 16:49:49 shadows sshd[24174]: log: Password authentication for soap accepted. Jun 28 16:49:49 shadows sshd[24174]: debug: Allocating pty. Jun 28 16:49:49 shadows sshd[24174]: debug: Forking shell. Jun 28 16:49:49 shadows sshd[24174]: debug: Entering interactive session. Jun 28 16:49:50 shadows sshd[24176]: login_getclass: unknown class '00^B' Jun 28 16:49:53 shadows sshd[24174]: debug: Received SIGCHLD. Jun 28 16:49:53 shadows sshd[24174]: debug: End of interactive session; stdin 5, stdout (read 824, sent 824), stderr 0 bytes. Jun 28 16:49:53 shadows sshd[24174]: debug: pty_cleanup_proc called Jun 28 16:49:53 shadows sshd[24174]: debug: Command exited with status 0. Jun 28 16:49:53 shadows sshd[24174]: debug: Received exit confirmation. Jun 28 16:49:53 shadows sshd[24174]: log: Closing connection to 194.111.220.20 i run sshd as standalone, as suggested. fascistlogging turned on. if that's not enough, i dont know what you want. sure, it's bit "vocal". i also have still that unknown class thing, even though both my /etc files and ssh are upgraded multiple times to match the rest of the system, since i run -current i have to do that often. mickey