Re: Quieting SSHd messages to the console
- In reply to: Dan Mahoney (Gushi): "Quieting SSHd messages to the console"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 18 Sep 2023 15:28:24 UTC
> On Sep 18, 2023, at 03:06, Dan Mahoney (Gushi) <freebsd@gushi.org> wrote: > > All, > > Sometimes, like when doing an upgrade on my system, I want to use the console. > > I want to get a message on the console when a user su's (auth.notice). That seems pretty critical. > > I do not want to get logs on the console for every other ssh session that fails to complete because the internet is full of bots. > > Sep 18 08:42:31 <auth.err> prime sshd[3098]: error: Fssh_kex_exchange_identification: Connection closed by remote host > > Sep 18 08:38:24 <auth.err> prime sshd[2531]: error: PAM: Authentication error for illegal user test from 78.38.71.249 > > What goes to the console in /etc/syslog.conf is: > > *.err;kern.warning;auth.notice;mail.crit /dev/console > > Is there a way to say "everything else.err, but not auth.err"? I resolved that issue by changing the port sshd uses. I first did that over 10 year ago and have not seen any unexpected log entries since. However, it does require altering the sshd.config file for every system you use and changing the ssh defaults on all the clients. -- Doug