Date:      Mon, 16 Sep 2013 19:57:59 +0200
From:      aurikus grande <aurikus@gmail.com>
To:        Rick Miller <vmiller@hostileadmin.com>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: how to log sshd access in a single file
Message-ID:  <CAPzqM6CL=LJA9MHnKW8NS7=Y_36NgeGuJCSt98zUedAvmCfKww@mail.gmail.com>
In-Reply-To: <CAHzLAVE96vJK3ni1=WoSbiChODa7PhWhghLOKTXHNw9qnVM3=A@mail.gmail.com>
References:  <CAPzqM6D=hy9P-N3TwLZQAbPp4bU_Sp57-LN-DmLaBkD_3jQSTg@mail.gmail.com> <CAHzLAVH%2BDU67cYt9vQB9BSRor8HgsL=A_HxFGbXpPaG-0ukEFQ@mail.gmail.com> <CAPzqM6Duoe5qOPevqHPrXG=%2Bq5u=AYrBe88yKH5ksAx76ac=aw@mail.gmail.com> <CAHzLAVE96vJK3ni1=WoSbiChODa7PhWhghLOKTXHNw9qnVM3=A@mail.gmail.com>

Hello Rick,

Sorry that I did not reply to all; from now on I will use "reply to all".
Thanks for pointing it out.

I will also open port 80 for web access, but I do not want to log those,
because I expect a huge amount of traffic on my server.

So I only want to log successful and unsuccessful sshd access.

twist is part of the FreeBSD 9.1 base installation; I did not yet install
any other package.

The idea behind using hosts.allow was because I could specify the rule by
the service (and not by the level of the message).

And yes, in my case sshd is configured to run via inetd.

You are correct, my main goal is to log all failed sshd attempts. If it is
easier to log successful and failed attempts (to the same file), this
would also be fine for me.

Thanks in advance for your continued effort.

Best regards,
aurikus.


2013/9/16 Rick Miller <vmiller@hostileadmin.com>

> Hi Aurikus,
>
> Selecting "Reply all" when replying to messages on the list allows the
> entire list to benefit from the discussion.
>
>
> On Mon, Sep 16, 2013 at 11:05 AM, aurikus grande <aurikus@gmail.com> wrote:
>
>> Hello Rick.
>>
>> thanks a lot for your quick reply.
>>
>> Does your recommendation - to use syslog.conf instead - mean that I can't
>> accomplish what I want with hosts.allow and twist?
>>
>
> I am unfamiliar with twist and cannot authoritatively answer this
> question.  Not to mention, it does not appear to be in base.
>
>> I'm still reading through the man pages and trying to understand how to
>> configure syslog.conf.
>>
>
> I recommended syslog, because it is the stock logging mechanism for
> FreeBSD.
>
> On my 9.1 system, /etc/syslog.conf contains:
>
> auth.info;authpriv.info                         /var/log/auth.log
>
> These facilities are both logging to /var/log/auth.log.
>
> Your stated goal was logging of failed ssh attempts to your host.  The
> above line in syslog.conf accomplishes this by sending the message to
> /var/log/auth.log.
>
> TCPWrappers will have no effect on logging of failed ssh attempts unless
> sshd is configured to run via inetd.
>
> I recommend pf or ipfw for filtering access to ssh.
>
> --
> Take care
> Rick Miller
>


