Date: Mon, 18 Sep 2023 08:28:24 -0700 From: Doug Hardie <bc979@lafn.org> To: "Dan Mahoney (Gushi)" <freebsd@gushi.org> Cc: questions@freebsd.org Subject: Re: Quieting SSHd messages to the console Message-ID: <24821824-E2D8-42BF-BDD8-C5230F96BEF3@sermon-archive.info> In-Reply-To: <ae1fe405-7cd0-66e4-8224-309d933d1c79@gushi.org> References: <ae1fe405-7cd0-66e4-8224-309d933d1c79@gushi.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Sep 18, 2023, at 03:06, Dan Mahoney (Gushi) <freebsd@gushi.org> = wrote: >=20 > All, >=20 > Sometimes, like when doing an upgrade on my system, I want to use the = console. >=20 > I want to get a message on the console when a user su's (auth.notice). = That seems pretty critical. >=20 > I do not want to get logs on the console for every other ssh session = that fails to complete because the internet is full of bots. >=20 > Sep 18 08:42:31 <auth.err> prime sshd[3098]: error: = Fssh_kex_exchange_identification: Connection closed by remote host >=20 > Sep 18 08:38:24 <auth.err> prime sshd[2531]: error: PAM: = Authentication error for illegal user test from 78.38.71.249 >=20 > What goes to the console in /etc/syslog.conf is: >=20 > *.err;kern.warning;auth.notice;mail.crit /dev/console >=20 > Is there a way to say "everything else.err, but not auth.err"? I resolved that issue by changing the port sshd uses. I first did that = over 10 year ago and have not seen any unexpected log entries since. = However, it does require altering the sshd.config file for every system = you use and changing the ssh defaults on all the clients. -- Doug
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?24821824-E2D8-42BF-BDD8-C5230F96BEF3>