how to log sshd access in a single file
Rick Miller
vmiller at hostileadmin.com
Mon Sep 16 17:30:00 UTC 2013
Hi Aurikus,
Selecting "Reply all" when replying to messages on the list allows the
entire list to benefit from the discussion.
On Mon, Sep 16, 2013 at 11:05 AM, aurikus grande <aurikus at gmail.com> wrote:
> Hello Rick.
>
> Thanks a lot for your quick reply.
>
> Does your recommendation - to use syslog.conf mean instead - that I can't
> accomplish what I want with hosts.allow and twist?
>
I am unfamiliar with twist and cannot authoritatively answer this question.
Not to mention, it does not appear to be in base.
> I'm still reading through the man pages and trying to understand how to
> configure syslog.conf.
>
I recommended syslog, because it is the stock logging mechanism for FreeBSD.
On my 9.1 system, /etc/syslog.conf contains:
auth.info;authpriv.info /var/log/auth.log
These facilities are both logging to /var/log/auth.log.
Your stated goal was logging of failed ssh attempts to your host. The
above line in syslog.conf accomplishes this by sending the message to
/var/log/auth.log.
TCPWrappers will have no effect on logging of failed ssh attempts unless
sshd is configured to run via inetd.
I recommend pf or ipfw for filtering access to ssh.
--
Take care
Rick Miller
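
Added example, not part of the original message: a Python parser that pulls failed sshd logins out of auth.log-style lines, such as those the syslog.conf entry above sends to /var/log/auth.log, and counts them per source address. The two message patterns are the usual OpenSSH failure formats and are an assumption about what this host logs; the sample lines and host name are constructed.

```python
import re
from collections import Counter

# syslog line as written to auth.log: "Sep 16 11:02:13 host sshd[1234]: msg"
PREFIX = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (?P<msg>.*)$")

# The user name is supplied by the client and may contain spaces, so the
# greedy .* makes each match end on the last sshd-generated "from ..." tail.
FAILURES = (
    re.compile(r"^Failed \S+ for (?:invalid user )?(?P<user>.*) "
               r"from (?P<src>\S+) port \d+ ssh2"),
    re.compile(r"^error: PAM: authentication error for (?:illegal user )?"
               r"(?P<user>.*) from (?P<src>\S+)$"),
)

def failed_attempts(lines):
    """Return (timestamp, user, source) for each failed sshd login line."""
    hits = []
    for line in lines:
        prefix = PREFIX.match(line.rstrip("\n"))
        if not prefix:
            continue  # not an sshd message (su, login, ...)
        for pattern in FAILURES:
            m = pattern.match(prefix["msg"])
            if m:
                hits.append((prefix["ts"], m["user"], m["src"]))
                break
    return hits

def per_source(hits):
    """Count failed attempts per source address."""
    return Counter(src for _, _, src in hits)

# Constructed sample lines (documentation addresses, made-up host name).
SAMPLE = """\
Sep 16 11:02:13 bsd91 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Sep 16 11:02:15 bsd91 sshd[1234]: Failed password for root from 203.0.113.5 port 51236 ssh2
Sep 16 11:03:01 bsd91 sshd[1240]: error: PAM: authentication error for root from 198.51.100.7
Sep 16 11:04:00 bsd91 sshd[1250]: Accepted publickey for rick from 192.0.2.10 port 40022 ssh2
Sep 16 11:05:00 bsd91 su: rick to root on /dev/pts/0
Sep 16 11:06:00 bsd91 sshd[1260]: Failed password for invalid user a from 192.0.2.99 port 1 ssh2 from 203.0.113.5 port 51300 ssh2
"""

if __name__ == "__main__":
    for src, n in per_source(failed_attempts(SAMPLE.splitlines())).most_common():
        print(f"{n:4d}  {src}")
```

The last sample line carries a user name crafted to look like a log tail; the parser still attributes it to the address sshd itself recorded.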