sshd logging

Paul Schmehl pschmehl_lists at tx.rr.com
Mon Jul 17 23:35:23 UTC 2017


--On July 17, 2017 at 6:38:00 AM -0400 Daniel Feenberg <feenberg at nber.org> 
wrote:

>
>
> On Mon, 17 Jul 2017, Matthias Apitz wrote:
>
>> El día domingo, julio 16, 2017 a las 10:34:42p. m. -0500, Paul Schmehl
>> escribió:
>>
>>> Is there a way to get sshd to only log successful logins?
>>
>> What about using ipf(8)?
>
> denyhosts or fail2ban would be easier. You'd still get a few lines in the
> logs, but only a few.
>

Thanks, Dan. I'll take a look.

I've never understood why logging routinely records every failed 
interaction. I suppose it's because summarizing it would take more 
processing plus some sort of database. Seriously though, why should I care 
about failed logins? It's the successful ones that I need to know about.

Paul Schmehl, Retired
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell



More information about the freebsd-questions mailing list