Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 18 Jul 2017 09:37:45 -0500 (CDT)
From:      "Valeri Galtsev" <galtsev@kicp.uchicago.edu>
To:        "Paul Schmehl" <pschmehl_lists@tx.rr.com>
Cc:        "FreeBSD Questions" <freebsd-questions@freebsd.org>
Subject:   Re: sshd logging
Message-ID:  <29290.128.135.52.6.1500388665.squirrel@cosmo.uchicago.edu>
In-Reply-To: <B7D68041A26D18D97D24F8CA@Pauls-MacBook-Pro.local>
References:  <C96D90F644C8AD0486EB3C91@Pauls-MacBook-Pro.local> <20170717051638.GB2368@c720-r314251> <alpine.LRH.2.20.1707170636550.28890@sas1.nber.org> <B7D68041A26D18D97D24F8CA@Pauls-MacBook-Pro.local>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

On Mon, July 17, 2017 6:35 pm, Paul Schmehl wrote:
> --On July 17, 2017 at 6:38:00 AM -0400 Daniel Feenberg <feenberg@nber.org>
> wrote:
>
>>
>>
>> On Mon, 17 Jul 2017, Matthias Apitz wrote:
>>
>>> El día domingo, julio 16, 2017 a las 10:34:42p. m. -0500, Paul Schmehl
>>> escribió:
>>>
>>>> Is there a way to get sshd to only log successful logins?
>>>
>>> What about using ipf(8)?
>>
>> denyhosts or fail2ban would be easier. You'd still get a few lines in
>> the
>> logs, but only a few.
>>

I use sshguard (you may want to look also at sshguard-ipfw, sshguard-pf).
ssh is not the only service sshguard can protect. Just one more option.

Valeri

>
> Thanks, Dan. I'll take a look.
>
> I've never understood why logging routinely records every failed
> interaction. I suppose it's because summarizing it would take more
> processing plus some sort of database. Seriously though, why should I care
> about failed logins? It's the successful ones that I need to know about.
>
> Paul Schmehl, Retired
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> *******************************************
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson
> "There are some ideas so wrong that only a very
> intelligent person could believe in them." George Orwell
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?29290.128.135.52.6.1500388665.squirrel>