Date: Sat, 28 Jun 1997 16:58:18 +0300 (EET DST) From: mika ruohotie <bsdsec@shadows.aeon.net> To: ngps@pacific.net.sg (Ng Pheng Siong) Cc: james@nexis.net, freebsd-security@FreeBSD.ORG Subject: Re: SSHD from Inetd Message-ID: <199706281358.QAA24251@shadows.aeon.net> In-Reply-To: <19970627100539.54789@darkwing.pacific.net.sg> from Ng Pheng Siong at "Jun 27, 97 10:05:39 am"
next in thread | previous in thread | raw e-mail | index | archive | help
> > > Denied connections were logged, allowed ones weren't, IIRC. > > > Not good enough for me, so I'm running sshd out of inetd. > Well, as a matter of taste I prefer to keep all the access control stuff > in one file, and I've always used the extended language option for > tcpwrappers. hmm... pardon me if i'm not really understanding what you want to do... my out from the box sshd logs the incoming connections well, all i did was add line to /etc/syslog.conf auth.* goes to it's own file auth.all (and is rotated once a month) sample output from sshd: Jun 28 16:49:07 shadows sshd[24172]: log: Connection from 194.111.220.20 port 1019 Jun 28 16:49:18 shadows sshd[24172]: debug: Client protocol version 1.5; client software version 1.2.20 Jun 28 16:49:18 shadows sshd[24172]: debug: Sent 768 bit public key and 1024 bit host key. Jun 28 16:49:18 shadows sshd[24172]: debug: Encryption type: idea Jun 28 16:49:18 shadows sshd[24172]: debug: Received session key; encryption turned on. Jun 28 16:49:18 shadows sshd[24172]: debug: Attempting authentication for soap. Jun 28 16:49:18 shadows sshd[24172]: debug: Trying rhosts with RSA host authentication for soap Jun 28 16:49:18 shadows sshd[24172]: debug: RhostsRSA authentication failed for 'soap', remote 'soap', host 'beasty-boys.supsys.fi'. Jun 28 16:49:23 shadows sshd[24172]: debug: Password authentication for soap failed. Jun 28 16:49:23 shadows sshd[24172]: fatal: Connection closed by remote host. Jun 28 16:49:23 shadows sshd[24172]: debug: Calling cleanup 0x104c0(0x0) Jun 28 16:49:25 shadows sshd[24174]: log: Connection from 194.111.220.20 port 1018 Jun 28 16:49:25 shadows sshd[24171]: debug: Forked child 24174. Jun 28 16:49:25 shadows sshd[24174]: debug: Client protocol version 1.5; client software version 1.2.19 Jun 28 16:49:25 shadows sshd[24174]: debug: Sent 768 bit public key and 1024 bit host key. Jun 28 16:49:25 shadows sshd[24174]: debug: Encryption type: idea Jun 28 16:49:26 shadows sshd[24174]: debug: Received session key; encryption turned on. Jun 28 16:49:26 shadows sshd[24174]: debug: Attempting authentication for soap. Jun 28 16:49:26 shadows sshd[24174]: debug: Trying rhosts with RSA host authentication for soap Jun 28 16:49:26 shadows sshd[24174]: debug: RhostsRSA authentication failed for 'soap', remote 'soap', host 'beasty-boys.supsys.fi'. Jun 28 16:49:49 shadows sshd[24174]: log: Password authentication for soap accepted. Jun 28 16:49:49 shadows sshd[24174]: debug: Allocating pty. Jun 28 16:49:49 shadows sshd[24174]: debug: Forking shell. Jun 28 16:49:49 shadows sshd[24174]: debug: Entering interactive session. Jun 28 16:49:50 shadows sshd[24176]: login_getclass: unknown class '00^B' Jun 28 16:49:53 shadows sshd[24174]: debug: Received SIGCHLD. Jun 28 16:49:53 shadows sshd[24174]: debug: End of interactive session; stdin 5, stdout (read 824, sent 824), stderr 0 bytes. Jun 28 16:49:53 shadows sshd[24174]: debug: pty_cleanup_proc called Jun 28 16:49:53 shadows sshd[24174]: debug: Command exited with status 0. Jun 28 16:49:53 shadows sshd[24174]: debug: Received exit confirmation. Jun 28 16:49:53 shadows sshd[24174]: log: Closing connection to 194.111.220.20 i run sshd as standalone, as suggested. fascistlogging turned on. if that's not enough, i dont know what you want. sure, it's bit "vocal". i also have still that unknown class thing, even though both my /etc files and ssh are upgraded multiple times to match the rest of the system, since i run -current i have to do that often. mickey
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706281358.QAA24251>