LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-02-2008, 08:12 AM   #1
xpucto
Member
 
Registered: Sep 2005
Location: Vienna, Austria
Distribution: Mint 13
Posts: 524

Rep: Reputation: 31
How to have a log for sshd?


Hi!

I run FC as a server and would like to have a log for my sshd. How may I do this?

thanks
 
Old 06-02-2008, 08:21 AM   #2
Tux-Slack
Member
 
Registered: Nov 2006
Location: Slovenia
Distribution: Slackware 13.37
Posts: 511

Rep: Reputation: 37
ssh is normaly logged by default.
Check the /etc/ssh/sshd_conf file for more info.
 
Old 06-02-2008, 01:58 PM   #3
tommyr1216
Member
 
Registered: Sep 2004
Location: Pennsylvania
Distribution: Gentoo, Suse, Fedora, Slackware
Posts: 56

Rep: Reputation: 15
In Fedora, /var/log/secure contains the sshd log. It will tell you who tried to log in, whether they succeeded, etc..
 
Old 06-02-2008, 03:08 PM   #4
Ajax4Hire
LQ Newbie
 
Registered: May 2004
Location: sol 3 (3rd planet from sun)
Distribution: Redhat 9.0
Posts: 8

Rep: Reputation: 0
last also contains a list of successful and failed login attempts via ssh (as well as Desktop).

>last -f /var/log/btmp

lastb is a short cut for the above command.
To list by ip address:
lastb -i or
last -i -f /var/log/btmp

This output is easier to scan for failed login attempts.
To stop hacking via ssh try denyhost, works great.
 
Old 06-03-2008, 05:37 AM   #5
xpucto
Member
 
Registered: Sep 2005
Location: Vienna, Austria
Distribution: Mint 13
Posts: 524

Original Poster
Rep: Reputation: 31
Quote:
Originally Posted by Ajax4Hire View Post
last also contains a list of successful and failed login attempts via ssh (as well as Desktop).

>last -f /var/log/btmp

lastb is a short cut for the above command.
To list by ip address:
lastb -i or
last -i -f /var/log/btmp

This output is easier to scan for failed login attempts.
To stop hacking via ssh try denyhost, works great.
really cool commands thanks!

The thing is that I configured iptables in such a way that only a few ips are allowed to login. Only those allowed ips are showed in the logs. But I would like also to see all the other failed attempts which have been blocked through the firewall. Ok, now that I'm writing this, it becomes me clear that I'm looking in the wrong log files! Where should I look to find those failed login attempts? Where are the iptables'log files?

thanks

Last edited by xpucto; 06-03-2008 at 05:39 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Starting sshd: /etc/init.d/sshd: line 113: /usr/sbin/sshd: Permission denied sumanc Linux - Server 5 03-28-2008 05:59 AM
Log all sshd attempts hbar Debian 2 01-29-2008 04:53 PM
Strange sshd log messages sorenp Linux - Security 3 04-19-2007 01:58 PM
SSHD log? itz2000 Linux - Security 6 11-15-2005 09:39 AM
sshd log -am I in trouble? c_mitulescu Linux - Security 2 12-13-2004 06:27 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 12:17 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration