ws at au.dyndns.ws
Tue Jul 18 07:49:17 UTC 2017
On Mon, 2017-07-17 at 18:35 -0500, Paul Schmehl wrote:
> --On July 17, 2017 at 6:38:00 AM -0400 Daniel Feenberg <feenberg at nber
> > On Mon, 17 Jul 2017, Matthias Apitz wrote:
> > > El día domingo, julio 16, 2017 a las 10:34:42p. m. -0500, Paul
> > > Schmehl
> > > escribió:
> > >
> > > > Is there a way to get sshd to only log successful logins?
> > >
> > > What about using ipf(8)?
> > denyhosts or fail2ban would be easier. You'd still get a few lines
> > in the
> > logs, but only a few.
> Thanks, Dan. I'll take a look.
> I've never understood why logging routinely records every failed
> interaction. I suppose it's because summarizing it would take more
> processing plus some sort of database. Seriously though, why should I
> about failed logins? It's the successful ones that I need to know
I imagine that historically the intensity of unauthorised login
attempts carried more significance (or was thought to) than it does
sshd_config(5) - LogLevel
I haven't seen a description of which events are logged at each level,
but I have seen a comment that setting it to "ERROR" eliminates the
logging of failed attempts.
This page suggests an approach that may be of interest:
More information about the freebsd-questions