Date: Mon, 18 Sep 2023 14:46:11 +0200
From: Yuri
To: questions@freebsd.org
Subject: Re: Quieting SSHd messages to the console
List-Id: User questions
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

Dan Mahoney (Gushi) wrote:
> All,
>
> Sometimes, like when doing an upgrade on my system, I want to use the
> console.
>
> I want to get a message on the console when a user su's (auth.notice).
> That seems pretty critical.
>
> I do not want to get logs on the console for every other ssh session
> that fails to complete because the internet is full of bots.
>
> Sep 18 08:42:31 prime sshd[3098]: error:
> Fssh_kex_exchange_identification: Connection closed by remote host
>
> Sep 18 08:38:24 prime sshd[2531]: error: PAM: Authentication
> error for illegal user test from 78.38.71.249
>
> What goes to the console in /etc/syslog.conf is:
>
> *.err;kern.warning;auth.notice;mail.crit                /dev/console
>
> Is there a way to say "everything else.err, but not auth.err"?

It's a bit more complicated than that, *.err is "any facility with level >= err", but then we have overriding selector auth.notice which is "auth facility with level >= notice". You could make the latter read "auth.=notice" but then you are missing ALL other levels, "auth.!=err" would print ALL levels except err, which will make it really verbose (opposite of what's wanted here). And I don't see a way to say 'auth facility with level >= notice AND level != err'.

What you could do here is silence those messages from sshd itself by means of LogVerbose and overriding that specific file/function with a QUIET level (didn't try, just reading the sshd_config man page).
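
The selector behaviour discussed in this message, as an added example that is not part of the original post and is not syslogd code: a simplified Python model that lists which auth levels reach the console for the quoted selector list and for the two variants mentioned. It assumes each selector sets one comparison rule per facility and that a later selector replaces the earlier one; the function names and the facility list are illustrative.

```python
# Simplified model of syslog.conf selector evaluation (added example, not syslogd code).
# Assumption: each ';'-separated selector sets one (comparison, level) rule per
# facility, and a later selector replaces the earlier rule for that facility.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "local0"]

def parse_selectors(line):
    """Return {facility: (negate, ops, level)} for a selector list."""
    rules = {}
    for selector in line.split(";"):
        facs, _, spec = selector.strip().partition(".")
        negate = spec.startswith("!")
        spec = spec[1:] if negate else spec
        ops = ""
        while spec and spec[0] in "<=>":
            ops, spec = ops + spec[0], spec[1:]
        ops = ops or ">="          # bare "auth.notice" means level >= notice
        names = FACILITIES if facs == "*" else facs.split(",")
        for fac in names:
            rules[fac] = (negate, ops, spec)   # later selector overrides
    return rules

def goes_to_console(rules, facility, level):
    """True if a message with this facility and level matches the selector list."""
    if facility not in rules:
        return False
    negate, ops, threshold = rules[facility]
    if threshold == "none":
        return False
    # Lower index = more severe, so "level >= err" is index <= index(err).
    msg, thr = LEVELS.index(level), LEVELS.index(threshold)
    hit = ((">" in ops and msg < thr) or ("=" in ops and msg == thr)
           or ("<" in ops and msg > thr))
    return hit != negate

def console_levels(line, facility):
    """List the levels of one facility that a selector list would deliver."""
    rules = parse_selectors(line)
    return [lv for lv in LEVELS if goes_to_console(rules, facility, lv)]

ORIGINAL = "*.err;kern.warning;auth.notice;mail.crit"   # from the quoted syslog.conf
if __name__ == "__main__":
    for variant in (ORIGINAL, ORIGINAL.replace("auth.notice", "auth.=notice"),
                    ORIGINAL.replace("auth.notice", "auth.!=err")):
        print(f"{variant:45} auth -> {console_levels(variant, 'auth')}")
```

Because the model keeps a single rule per facility, no selector list yields notice, warning, crit, alert and emerg for auth while dropping only err.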