Date: Tue, 18 Jul 2017 17:13:59 +0930 From: Wayne Sierke <ws@au.dyndns.ws> To: Paul Schmehl <pschmehl_lists@tx.rr.com>, FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: sshd logging Message-ID: <1500363839.1558.1.camel@au.dyndns.ws> In-Reply-To: <B7D68041A26D18D97D24F8CA@Pauls-MacBook-Pro.local> References: <C96D90F644C8AD0486EB3C91@Pauls-MacBook-Pro.local> <20170717051638.GB2368@c720-r314251> <alpine.LRH.2.20.1707170636550.28890@sas1.nber.org> <B7D68041A26D18D97D24F8CA@Pauls-MacBook-Pro.local>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 2017-07-17 at 18:35 -0500, Paul Schmehl wrote: > --On July 17, 2017 at 6:38:00 AM -0400 Daniel Feenberg <feenberg@nber > .org> > wrote: > > > > > > > On Mon, 17 Jul 2017, Matthias Apitz wrote: > > > > > El día domingo, julio 16, 2017 a las 10:34:42p. m. -0500, Paul > > > Schmehl > > > escribió: > > > > > > > Is there a way to get sshd to only log successful logins? > > > > > > What about using ipf(8)? > > > > denyhosts or fail2ban would be easier. You'd still get a few lines > > in the > > logs, but only a few. > > > > Thanks, Dan. I'll take a look. > > I've never understood why logging routinely records every failed > interaction. I suppose it's because summarizing it would take more > processing plus some sort of database. Seriously though, why should I > care > about failed logins? It's the successful ones that I need to know > about. I imagine that historically the intensity of unauthorised login attempts carried more significance (or was thought to) than it does now. sshd_config(5) - LogLevel I haven't seen a description of which events are logged at each level, but I have seen a comment that setting it to "ERROR" eliminates the logging of failed attempts. This page suggests an approach that may be of interest: https://blog.stalkr.net/2010/11/login-notifications-pamexec-scripting.html Wayne
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1500363839.1558.1.camel>