From: Cliff Sarginson
To: freebsd-questions@freebsd.org
Date: Wed, 13 Feb 2002 20:01:19 +0100
Subject: Re: SSH security logs

On Wed, Feb 13, 2002 at 06:53:14PM +0100, Alex wrote:
> Hello Lord,
>
> Monday, February 11, 2002, 9:12:25 AM, you wrote:
>
> LR> Ok, super stupid question. Where are the logs for the SSH daemon? I'm
> LR> trying to find out login successes and failures, as well as source IPs
> LR> from which the attempt to connect and login happened, and once I lock down
> LR> the SSH daemon to only accept clients who have the correct private key, I
> LR> want to also know about successful and failed ssh connects (aka those that
> LR> had the key and connected successfully, and those that didn't.) with source
> LR> IPs as well. Thanks again.
>

If you read "man 8 sshd" it explains the log possibilities with sshd.
By default it logs messages as type "AUTH".
You need to adjust /etc/ssh/sshd_config to reflect what you want
and then make appropriate changes to /etc/syslog.conf to reflect
where you want to see the messages (man 5 syslog.conf).

-- 
Regards
Cliff
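
Added example, not part of the original thread: once sshd's AUTH messages reach a file via syslog.conf, a small parser can pull out the login successes, failures and source addresses the original poster asked about. It assumes the "Accepted/Failed <method> for <user> from <ip> port <n>" message format that OpenSSH writes; the sample lines, host names and user names are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in syslog format (not from the thread); addresses are
# documentation ranges, host and user names are made up.
SAMPLE_LOG = """\
Feb 13 20:01:02 host1 sshd[411]: Accepted publickey for alice from 192.0.2.10 port 51234 ssh2
Feb 13 20:03:17 host1 sshd[415]: Failed password for root from 203.0.113.5 port 40022 ssh2
Feb 13 20:03:21 host1 sshd[415]: Failed password for invalid user admin from 203.0.113.5 port 40023 ssh2
Feb 13 20:04:40 host1 sshd[420]: Failed password for invalid user x from 192.0.2.10 port 22 ssh2 from 198.51.100.7 port 60001 ssh2
Feb 13 20:05:00 host1 syslogd: restart
"""

# The user name is supplied by the client, so it is matched greedily and the
# address is taken from the last "from ... port ..." before the end of the line.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?P<unknown>(?:invalid|illegal) user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port (?P<port>\d+)(?: ssh\d)?(?:: .*)?$"
)


def parse_auth_events(text):
    """Return one dict per sshd authentication result line in text."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.search(line)
        if m is None:
            continue  # not an sshd login result (other daemon, other message)
        events.append({
            "result": m["result"],
            "method": m["method"],
            "user": m["user"],
            "known_user": m["unknown"] is None,
            "ip": m["ip"],
            "port": int(m["port"]),
        })
    return events


def count_by_source(events):
    """Count (result, source IP) pairs, e.g. failures per address."""
    return Counter((e["result"], e["ip"]) for e in events)


if __name__ == "__main__":
    for (result, ip), n in sorted(count_by_source(parse_auth_events(SAMPLE_LOG)).items()):
        print(f"{result:8} {ip:15} {n}")
```

The LogLevel setting in sshd_config decides which of these messages are emitted at all; if failed key attempts do not show up at the default level, raise it to VERBOSE.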