From owner-freebsd-questions@freebsd.org  Mon Jul 17 23:35:23 2017
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0C3FADA42A1
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Mon, 17 Jul 2017 23:35:23 +0000 (UTC)
 (envelope-from pschmehl_lists@tx.rr.com)
Received: from dnvrco-oedge-vip.email.rr.com
 (dnvrco-outbound-snat.email.rr.com [107.14.73.232])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "dnvrco-oedge-vip.email.rr.com",
 Issuer "dnvrco-oedge-vip.email.rr.com" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id D53D4772FA
 for <freebsd-questions@freebsd.org>; Mon, 17 Jul 2017 23:35:22 +0000 (UTC)
 (envelope-from pschmehl_lists@tx.rr.com)
Received: from [76.183.153.52] ([76.183.153.52:51014] helo=[192.168.0.8])
 by dnvrco-omsmta03 (envelope-from <pschmehl_lists@tx.rr.com>)
 (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ESMTP
 id DE/E2-25786-3B94D695; Mon, 17 Jul 2017 23:35:15 +0000
Date: Mon, 17 Jul 2017 18:35:14 -0500
From: Paul Schmehl <pschmehl_lists@tx.rr.com>
Reply-To: Paul Schmehl <pschmehl_lists@tx.rr.com>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: sshd logging
Message-ID: <B7D68041A26D18D97D24F8CA@Pauls-MacBook-Pro.local>
In-Reply-To: <alpine.LRH.2.20.1707170636550.28890@sas1.nber.org>
References: <C96D90F644C8AD0486EB3C91@Pauls-MacBook-Pro.local>
 <20170717051638.GB2368@c720-r314251>
 <alpine.LRH.2.20.1707170636550.28890@sas1.nber.org>
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
X-RR-Connecting-IP: 107.14.64.88:25
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jul 2017 23:35:23 -0000

--On July 17, 2017 at 6:38:00 AM -0400 Daniel Feenberg <feenberg@nber.org>=20
wrote:

>
>
> On Mon, 17 Jul 2017, Matthias Apitz wrote:
>
>> El d=C3=ADa domingo, julio 16, 2017 a las 10:34:42p. m. -0500, Paul =
Schmehl
>> escribi=C3=B3:
>>
>>> Is there a way to get sshd to only log successful logins?
>>
>> What about using ipf(8)?
>
> denyhosts or fail2ban would be easier. You'd still get a few lines in the
> logs, but only a few.
>

Thanks, Dan. I'll take a look.

I've never understood why logging routinely records every failed=20
interaction. I suppose it's because summarizing it would take more=20
processing plus some sort of database. Seriously though, why should I care=20
about failed logins? It's the successful ones that I need to know about.

Paul Schmehl, Retired
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell