From nobody Mon Sep 18 10:06:02 2023
X-Original-To: questions@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Rq0mw1kLpz4svXF
	for <questions@mlmmj.nyi.freebsd.org>; Mon, 18 Sep 2023 10:06:08 +0000 (UTC)
	(envelope-from danm@prime.gushi.org)
Received: from prime.gushi.org (prime.gushi.org [IPv6:2620:137:6000:10::142])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "prime.gushi.org", Issuer "RapidSSL Global TLS RSA4096 SHA256 2022 CA1" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Rq0mv271sz3VGh
	for <questions@freebsd.org>; Mon, 18 Sep 2023 10:06:07 +0000 (UTC)
	(envelope-from danm@prime.gushi.org)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=gushi.org header.s=prime2014 header.b=mM5LrBgj;
	spf=pass (mx1.freebsd.org: domain of danm@prime.gushi.org designates 2620:137:6000:10::142 as permitted sender) smtp.mailfrom=danm@prime.gushi.org;
	dmarc=pass (policy=none) header.from=gushi.org
Received: from prime.gushi.org (localhost [127.0.0.1])
	by prime.gushi.org (8.17.2/8.17.2) with ESMTPS id 38IA62Ui013297
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT)
	for <questions@freebsd.org>; Mon, 18 Sep 2023 10:06:03 GMT
	(envelope-from danm@prime.gushi.org)
DKIM-Filter: OpenDKIM Filter v2.10.3 prime.gushi.org 38IA62Ui013297
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gushi.org;
	s=prime2014; t=1695031563;
	bh=kwHNVH/N7B5HKBuz8IfZdhErRMb5OhrJi29MncoQdoQ=;
	h=Date:From:To:Subject;
	z=Date:=20Mon,=2018=20Sep=202023=2010:06:02=20+0000=20(UTC)|From:=2
	 0"Dan=20Mahoney=20(Gushi)"=20<freebsd@gushi.org>|To:=20questions@f
	 reebsd.org|Subject:=20Quieting=20SSHd=20messages=20to=20the=20cons
	 ole;
	b=mM5LrBgjC/n/eqKSogdgFXAe67g4OUuBTZEph5yDGBhjKLQ2cIWB82bnQoM8SRqWC
	 pUPR07O4L3tN24FQlhHfDFC/pxjmVqoatEtvNygBphAIEpWfdqqCwjUjm5edQhYlyq
	 rLzFBzhn8HPvJmG653Jxo2dRr5OBycImYhvEk0tvjkBD9vDTxJgbV7H6PI0Wwev497
	 MPTCDJrH0Sccyi5t3baIglCJ/V6/vcH3uNkg9qLn7E9TFwxQ3L4YJ2PLX5hszSKPP9
	 UEJSQcadKsdVvXZxP0rFzAXvOY0SitJfb8LJUz7Cc5zHCS0o6xY5iEfJM9l+fJ8VOn
	 fAlwXxOmWYlFA==
Received: (from danm@localhost)
	by prime.gushi.org (8.17.2/8.17.2/Submit) id 38IA62Us013296;
	Mon, 18 Sep 2023 10:06:02 GMT
	(envelope-from danm)
Date: Mon, 18 Sep 2023 10:06:02 +0000 (UTC)
From: "Dan Mahoney (Gushi)" <freebsd@gushi.org>
To: questions@freebsd.org
Subject: Quieting SSHd messages to the console
Message-ID: <ae1fe405-7cd0-66e4-8224-309d933d1c79@gushi.org>
X-OpenPGP-Key-ID: 0x624BB249
List-Id: User questions <freebsd-questions.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions
List-Help: <mailto:questions+help@freebsd.org>
List-Post: <mailto:questions@freebsd.org>
List-Subscribe: <mailto:questions+subscribe@freebsd.org>
List-Unsubscribe: <mailto:questions+unsubscribe@freebsd.org>
Sender: owner-freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset=US-ASCII
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (prime.gushi.org [0.0.0.0]); Mon, 18 Sep 2023 10:06:03 +0000 (UTC)
X-Spamd-Bar: ------
X-Spamd-Result: default: False [-6.38 / 15.00];
	DWL_DNSWL_MED(-2.00)[gushi.org:dkim];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-0.98)[-0.976];
	RCVD_DKIM_ARC_DNSWL_MED(-0.50)[];
	DMARC_POLICY_ALLOW(-0.50)[gushi.org,none];
	FORGED_SENDER(0.30)[freebsd@gushi.org,danm@prime.gushi.org];
	R_DKIM_ALLOW(-0.20)[gushi.org:s=prime2014];
	RCVD_IN_DNSWL_MED(-0.20)[2620:137:6000:10::142:from];
	R_SPF_ALLOW(-0.20)[+a];
	MIME_GOOD(-0.10)[text/plain];
	PREVIOUSLY_DELIVERED(0.00)[questions@freebsd.org];
	FROM_HAS_DN(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[];
	MLMMJ_DEST(0.00)[questions@freebsd.org];
	DKIM_TRACE(0.00)[gushi.org:+];
	TO_DN_NONE(0.00)[];
	ARC_NA(0.00)[];
	MIME_TRACE(0.00)[0:+];
	ASN(0.00)[asn:393507, ipnet:2620:137:6000::/44, country:US];
	RCVD_TLS_LAST(0.00)[];
	FROM_NEQ_ENVFROM(0.00)[freebsd@gushi.org,danm@prime.gushi.org];
	RCVD_COUNT_TWO(0.00)[2]
X-Rspamd-Queue-Id: 4Rq0mv271sz3VGh

All,

Sometimes, like when doing an upgrade on my system, I want to use the 
console.

I want to get a message on the console when a user su's (auth.notice). 
That seems pretty critical.

I do not want to get logs on the console for every other ssh session that 
fails to complete because the internet is full of bots.

Sep 18 08:42:31 <auth.err> prime sshd[3098]: error: 
Fssh_kex_exchange_identification: Connection closed by remote host

Sep 18 08:38:24 <auth.err> prime sshd[2531]: error: PAM: Authentication 
error for illegal user test from 78.38.71.249

What goes to the console in /etc/syslog.conf is:

*.err;kern.warning;auth.notice;mail.crit                /dev/console

Is there a way to say "everything else.err, but not auth.err"?

-Dan

-- 

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
FB:  fb.com/DanielMahoneyIV
LI:   linkedin.com/in/gushi
Site:  http://www.gushi.org
---------------------------