Date: Mon, 17 Jul 2017 18:35:14 -0500 From: Paul Schmehl <pschmehl_lists@tx.rr.com> To: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: sshd logging Message-ID: <B7D68041A26D18D97D24F8CA@Pauls-MacBook-Pro.local> In-Reply-To: <alpine.LRH.2.20.1707170636550.28890@sas1.nber.org> References: <C96D90F644C8AD0486EB3C91@Pauls-MacBook-Pro.local> <20170717051638.GB2368@c720-r314251> <alpine.LRH.2.20.1707170636550.28890@sas1.nber.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--On July 17, 2017 at 6:38:00 AM -0400 Daniel Feenberg <feenberg@nber.org>=20 wrote: > > > On Mon, 17 Jul 2017, Matthias Apitz wrote: > >> El d=C3=ADa domingo, julio 16, 2017 a las 10:34:42p. m. -0500, Paul = Schmehl >> escribi=C3=B3: >> >>> Is there a way to get sshd to only log successful logins? >> >> What about using ipf(8)? > > denyhosts or fail2ban would be easier. You'd still get a few lines in the > logs, but only a few. > Thanks, Dan. I'll take a look. I've never understood why logging routinely records every failed=20 interaction. I suppose it's because summarizing it would take more=20 processing plus some sort of database. Seriously though, why should I care=20 about failed logins? It's the successful ones that I need to know about. Paul Schmehl, Retired As if it wasn't already obvious, my opinions are my own and not those of my employer. ******************************************* "It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson "There are some ideas so wrong that only a very intelligent person could believe in them." George Orwell
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B7D68041A26D18D97D24F8CA>