Date: Mon, 16 Sep 2013 13:29:59 -0400 From: Rick Miller <vmiller@hostileadmin.com> To: aurikus grande <aurikus@gmail.com>, FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: how to log sshd access in a single file Message-ID: <CAHzLAVE96vJK3ni1=WoSbiChODa7PhWhghLOKTXHNw9qnVM3=A@mail.gmail.com> In-Reply-To: <CAPzqM6Duoe5qOPevqHPrXG=%2Bq5u=AYrBe88yKH5ksAx76ac=aw@mail.gmail.com> References: <CAPzqM6D=hy9P-N3TwLZQAbPp4bU_Sp57-LN-DmLaBkD_3jQSTg@mail.gmail.com> <CAHzLAVH%2BDU67cYt9vQB9BSRor8HgsL=A_HxFGbXpPaG-0ukEFQ@mail.gmail.com> <CAPzqM6Duoe5qOPevqHPrXG=%2Bq5u=AYrBe88yKH5ksAx76ac=aw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Aurikus, Selecting "Reply all" when replying to messages on the list allows the entire list to benefit from the discussion. On Mon, Sep 16, 2013 at 11:05 AM, aurikus grande <aurikus@gmail.com> wrote: > Hello Rick. > > thanks a lot for your quick reply. > > Does your recommendation - to use syslog.conf mean instead - that i cant > accomplish what i want with hosts.allow and twist ? > I am unfamiliar with twist and cannot authoritatively answer this question. Not to mention, it does not appear to be in base I=B4m still reading through the man pages and try to understand how to > configure syslog.conf. > I recommended syslog, because it is the stock logging mechanism for FreeBSD= . On my 9.1 system, /etc/syslog.conf contains: auth.info;authpriv.info /var/log/auth.log These facilities are both logging to /var/log/auth.log. Your stated goal was logging of failed ssh attempts to your host. The above line in syslog.conf accomplishes this by sending the message to /var/log/auth.log. TCPWrappers will have no effect on logging of failed ssh attempts unless sshd is configured to run via inetd. I recommend pf or ipfw for filtering access to ssh. --=20 Take care Rick Miller
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHzLAVE96vJK3ni1=WoSbiChODa7PhWhghLOKTXHNw9qnVM3=A>