Date: Fri, 21 Dec 2001 21:54:26 +0200 From: "Dave Raven" <dave@kill-9.za.net> To: "Igor Roshchin" <str@giganda.komkon.org>, <security@freebsd.org> Subject: Re: sshd logging Message-ID: <002f01c18a59$50806a00$3800a8c0@DAVE> References: <200112211810.fBLIAXu71521@giganda.komkon.org>
next in thread | previous in thread | raw e-mail | index | archive | help
your defauls (/etc/ssh/) sshd_config file will have this:
LogLevel INFO
change that to
LogLevel DEBUG
and your set.
----- Original Message -----
From: "Igor Roshchin" <str@giganda.komkon.org>
To: <security@freebsd.org>
Sent: Friday, December 21, 2001 8:10 PM
Subject: sshd logging
>
> Hello!
>
>
> I am somewhat confused about sshd writing messages to the syslog.
> On 3.x systems with the sshd installed from ports
> (e.g. sshd version 1.2.27 [i386--freebsd3.5.1] ),
> I have much more verbose logging, then on 4.x systems with the
> "core" openssh (e.g. sshd version OpenSSH_2.3.0 ).
>
> As an example, here is the excerpts from logs on the same type of
> event for 3.x and 4.x systems:
>
> 3.x and sshd 1.2.27:
>
> Dec 21 11:05:36 <auth.info> host3.x sshd[7623]: connect from 210.97.143.20
> Dec 21 11:05:36 <auth.info> host3.x sshd[7623]: log: Connection from
210.97.143.20 port 1257
> Dec 21 11:05:36 <auth.info> host3.x sshd[7623]: log: Could not reverse map
address 210.97.143.20.
> Dec 21 11:05:36 <auth.info> host3.x sshd[7624]: connect from 210.97.143.20
> Dec 21 11:05:36 <auth.info> host3.x sshd[7624]: log: Connection from
210.97.143.20 port 1253
> Dec 21 11:05:36 <auth.info> astra sshd[7624]: log: Could not reverse map
address 210.97.143.20.
> Dec 21 11:05:36 <auth.err> astra sshd[7623]: fatal: Local: Your ssh
version is too old and is no longer supported. Please install a newer
version.
> Dec 21 11:05:36 <auth.err> astra sshd[7624]: fatal: Local: Your ssh
version is too old and is no longer supported. Please install a newer
version.
>
>
> 4.x and OpenSSH_2.3.0:
>
> Dec 21 11:05:26 <auth.info> host4.x sshd[67562]: Disconnecting: Your ssh
version is too old and is no longer supported. Please install a newer
version.
> Dec 21 11:05:39 <auth.info> host4.x sshd[67565]: Disconnecting: Your ssh
version is too old and is no longer supported. Please install a newer
version.
>
>
> I see that the priority of the messages changed between the versions.
> However, even enabling "auth.*" logging does not show the "connect from
.."
> messages.
> In both cases sshd is run as a standalone daemon.
>
> Any ideas/sugggestions as for how to enable this logging in OpenSSH ?
> (Am I just overlooking something obvious ?)
>
> Thanks,
>
> Igor
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002f01c18a59$50806a00$3800a8c0>