Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 1 Nov 2002 18:09:10 +1300
From:      Jonathan Chen <jonc@chen.org.nz>
To:        Steve Wingate <s.wingate@cox.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Re: Logging ssh login failures
Message-ID:  <20021101050910.GA43933@grimoire.chen.org.nz>
In-Reply-To: <20021101050452.BNJG14888.fed1mtao01.cox.net@smtp.west.cox.net>
References:  <20021101050452.BNJG14888.fed1mtao01.cox.net@smtp.west.cox.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Fri, Nov 01, 2002 at 12:04:51AM -0500, Steve Wingate wrote:
> > 
> > On Thu, Oct 31, 2002 at 11:29:14PM -0500, Steve Wingate wrote:
> > > How can I get FreeBSD 4.7-stable to log password ssh login attempt
> > > failures? Googling shows people last year added it via a patch to
> > > /etc/security but I wonder if it's been added to base now.
> > 
> > What about the traces in /var/log/auth.log?
> > -- 
> 
> What about them? auth.log only logs successes and su's.

Odd, my 4.7-stable (with default syslog.conf and sshd.conf) logs failures
as well:

    Nov  1 18:07:13 grimoire sshd[43947]: error: Authentication failure
    Nov  1 18:07:13 grimoire sshd[43947]: Postponed keyboard-interactive for jonc from 192.168.1.10 port 4367 ssh2
    Nov  1 18:07:14 grimoire sshd[43947]: error: Authentication failure
    Nov  1 18:07:14 grimoire sshd[43947]: Failed keyboard-interactive/pam for jonc from 192.168.1.10 port 4367 ssh2
    Nov  1 18:07:14 grimoire sshd[43947]: Postponed keyboard-interactive for jonc from 192.168.1.10 port 4367 ssh2
    Nov  1 18:07:15 grimoire sshd[43947]: error: Authentication failure
    Nov  1 18:07:15 grimoire sshd[43947]: Failed keyboard-interactive/pam for jonc from 192.168.1.10 port 4367 ssh2
    Nov  1 18:07:18 grimoire sshd[43947]: Failed password for jonc from 192.168.1.10 port 4367 ssh2
    Nov  1 18:07:21 grimoire sshd[43947]: Disconnecting: Too many authentication failures for jonc

Cheers.
-- 
Jonathan Chen <jonc@chen.org.nz>
----------------------------------------------------------------------
                 When you don't know what you are doing, do it neatly.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021101050910.GA43933>