From owner-freebsd-questions@FreeBSD.ORG  Tue Aug 19 12:03:02 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 173621065671
	for <freebsd-questions@freebsd.org>;
	Tue, 19 Aug 2008 12:03:02 +0000 (UTC)
	(envelope-from michael.grant@gmail.com)
Received: from hs-out-0708.google.com (hs-out-0708.google.com [64.233.178.244])
	by mx1.freebsd.org (Postfix) with ESMTP id C72028FC2B
	for <freebsd-questions@freebsd.org>;
	Tue, 19 Aug 2008 12:03:01 +0000 (UTC)
	(envelope-from michael.grant@gmail.com)
Received: by hs-out-0708.google.com with SMTP id h53so1246437hsh.11
	for <freebsd-questions@freebsd.org>;
	Tue, 19 Aug 2008 05:03:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:sender
	:to:subject:mime-version:content-type:x-google-sender-auth;
	bh=MzK9BG091i9PF6rV/2qR0oCKzyJYYG8i7OueS3WAdFM=;
	b=vG9G/FtYWIksgcS+vYRL4pvuCf5EgkdhWExJIGP6OYKNCm4wiGennCIUmN6pC6V8LO
	ZaVws6/V2ad85FNyU35R9CESqJM0tYXtJDlHhMw+76xfkw9kfD58kCdM89loo9XCiGWp
	OJxpR/koNrLHHptVp/bbqiSNuGpYK3ptEydLE=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:sender:to:subject:mime-version:content-type
	:x-google-sender-auth;
	b=gvcn6Sa09TTaEQSSd8Fi72zFpQLV5fngnM71CskYyHaShduSy6O4fjv7pnrQHv1Eyx
	bRBSpmfRL7/iwSxe5dfmIEBqvaxUSf0KDNP6uSxUeb0LhqxTxI/EPwDfOAgqcGyLcUNU
	wz5GvO/A2pYa/RFpWOEma5Nf2nr9g5aE63HqA=
Received: by 10.143.18.21 with SMTP id v21mr2483726wfi.185.1219147379776;
	Tue, 19 Aug 2008 05:02:59 -0700 (PDT)
Received: by 10.142.246.7 with HTTP; Tue, 19 Aug 2008 05:02:59 -0700 (PDT)
Message-ID: <62b856460808190502x3a75c3c5p87cd4f9e5a7ddb26@mail.gmail.com>
Date: Tue, 19 Aug 2008 14:02:59 +0200
From: "Michael Grant" <mgrant@grant.org>
Sender: michael.grant@gmail.com
To: "FreeBSD Questions" <freebsd-questions@freebsd.org>
MIME-Version: 1.0
X-Google-Sender-Auth: e8f9cea801ae4bcc
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: getting pam to put the ip address in the log
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Aug 2008 12:03:02 -0000

Recently I have been seeing lots of connections to my sshd trying to guess
passwords.  One thing I noticed was the hostname reported in the auth.log
without reverse dns.  sshd never puts in the ip address, this is all I see:

sshd[14450]: error: PAM: authentication error for illegal user access from
host1.xxx.br

Is it possible to get pam or sshd or whatever is ultimatly logging this to
put the ip address in the log so I can see where this is really coming from?

Michael Grant