From owner-freebsd-questions@FreeBSD.ORG Tue Aug 19 12:12:03 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E39691065710 for ; Tue, 19 Aug 2008 12:12:03 +0000 (UTC) (envelope-from michael.grant@gmail.com) Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.30]) by mx1.freebsd.org (Postfix) with ESMTP id 9D40A8FC2F for ; Tue, 19 Aug 2008 12:12:03 +0000 (UTC) (envelope-from michael.grant@gmail.com) Received: by yx-out-2324.google.com with SMTP id 8so1566199yxb.13 for ; Tue, 19 Aug 2008 05:12:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :to:subject:in-reply-to:mime-version:content-type:references :x-google-sender-auth; bh=JqciXxxbPcbndCEJIJ4foPevUmClcfMLXpFi8PRB9+Q=; b=ToIXEl2BXwyAUSYBratPddVaQPEbR7863usjorJRtQkmvfAd4Q+6Xlg5sqsX2osCd1 Ve5mWRTDIWK1t47QBX8v4YwBnFay1WcGUsUIC7C2nUc/SmIzvZdNlymNtuFdNsDTxoZE iAXYZAnavS86oezjtKTYtUgTSvLkA8lmpFJEI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:in-reply-to:mime-version :content-type:references:x-google-sender-auth; b=ZGYsRgXjTO39GDRkflNOgQrKBwuMo6nE1nJnrvIhylmBLKDEM7bOMvI/5z2ZfV7r2O evRG/H94HLbNMY0LUi6Dg5dsMM+QiKStlBwcc7dNNNS9aolcIksJ+oDlU8jgFk0J1BzF PEeu0op4rCEDPA5kbxu2aLCVXsT13aDQ8UsJk= Received: by 10.142.214.11 with SMTP id m11mr2486794wfg.69.1219147922162; Tue, 19 Aug 2008 05:12:02 -0700 (PDT) Received: by 10.142.246.7 with HTTP; Tue, 19 Aug 2008 05:12:02 -0700 (PDT) Message-ID: <62b856460808190512v1782113eic15a61488280d41b@mail.gmail.com> Date: Tue, 19 Aug 2008 14:12:02 +0200 From: "Michael Grant" Sender: michael.grant@gmail.com To: "FreeBSD Questions" In-Reply-To: <62b856460808190502x3a75c3c5p87cd4f9e5a7ddb26@mail.gmail.com> MIME-Version: 1.0 References: <62b856460808190502x3a75c3c5p87cd4f9e5a7ddb26@mail.gmail.com> X-Google-Sender-Auth: 9cd958b4f74f88b1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: getting pam to put the ip address in the log X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Aug 2008 12:12:04 -0000 On Tue, Aug 19, 2008 at 2:02 PM, Michael Grant wrote: > Recently I have been seeing lots of connections to my sshd trying to guess > passwords. One thing I noticed was the hostname reported in the auth.log > without reverse dns. sshd never puts in the ip address, this is all I see: > > sshd[14450]: error: PAM: authentication error for illegal user access from > host1.xxx.br > > Is it possible to get pam or sshd or whatever is ultimatly logging this to > put the ip address in the log so I can see where this is really coming from? > > Michael Grant > Ths seems to work: Put this in /etc/ssh/sshd_config: UseDNS no