ssh help needed...

Status
Not open for further replies.

hogsac

MIS
Aug 26, 2002
Here's my situation...I have ssh set up on my Ultra 1 running Solaris 8...I also have TCP-wrappers on this machine...first, how do I log all sshd connectivity to the syslog?? Second, how do I have wrappers also protect my ssh connections like it does with ftp and telnet??
 
When you compile sshd you have to configure it with the option:

./configure --with-libwrap=/path/to/libwrap.a

This should get you working with tcpwrappers.

Now for the logging...

There's a file on your system called /etc/[ssh/]sshd_config. There you can set the field "SyslogFacility" to a local facility unlisted in your syslog.conf, i.e. to LOCAL7. Then you will also need to set a loglevel for the type of info you want to log.

The lines in /etc/[ssh/]sshd_config should look like:
SyslogFacility LOCAL7
LogLevel INFO

Then in /etc/syslog.conf add a line like:
local7.*[tab]/var/log/syslog


That should get your logging working...

I hope this helps!

Bryan
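
As an added example (not part of any post in this thread): a shell check that the facility named in sshd_config has a matching, tab-separated selector in syslog.conf, following the two edits described in the reply above. The function names and the constructed sample files are assumptions of this example.

```shell
# Added example, not from the thread. Needs a POSIX awk
# (on Solaris use nawk or /usr/xpg4/bin/awk in place of awk).

# First value given for keyword $2 in sshd_config $1 (case-insensitive).
sshd_setting() {
    awk -v key="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Look in syslog.conf $1 for a selector naming facility $2. Prints
# "ok <selector> <action>", "spaces <selector>" if selector and action
# are not separated by tabs only, or "unrouted" if nothing names it.
syslog_route() {
    awk -v fac="$2" '
        $1 ~ /^#/ || NF < 2 { next }
        {
            n = split(tolower($1), sel, ";")
            for (i = 1; i <= n; i++) {
                fl = sel[i]; sub(/[.].*$/, "", fl); m = split(fl, f, ",")
                for (j = 1; j <= m; j++)
                    if (f[j] == tolower(fac)) hit = 1
            }
        }
        hit {
            if ($0 ~ /^[^ \t]+\t+[^ \t]/) print "ok", $1, $NF
            else print "spaces", $1
            done = 1; exit
        }
        END { if (!done) print "unrouted" }' "$1"
}

# Report how sshd_config $1 and syslog.conf $2 fit together.
check_ssh_logging() {
    fac=`sshd_setting "$1" SyslogFacility`
    lvl=`sshd_setting "$1" LogLevel`
    [ -n "$fac" ] || { echo "no SyslogFacility line in $1"; return 1; }
    route=`syslog_route "$2" "$fac"`
    echo "facility=$fac loglevel=${lvl:-unset} syslog=$route"
    case $route in ok*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample files using the thread's settings.
d=${TMPDIR:-/tmp}/sshlog.$$; mkdir -p "$d"
printf 'SyslogFacility LOCAL7\nLogLevel INFO\n' > "$d/sshd_config"
printf 'local7.*\t/var/log/syslog\n' > "$d/tabs.conf"
printf 'local7.*    /var/log/syslog\n' > "$d/spaces.conf"
check_ssh_logging "$d/sshd_config" "$d/tabs.conf"
check_ssh_logging "$d/sshd_config" "$d/spaces.conf" || true
```

Run it against the real files by calling check_ssh_logging with the sshd_config and syslog.conf paths; it only reads them.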
 
A couple things...first of all, when installing ssh there was no need for me to ever use ./configure because I installed the package from sunfreeware.com using pkgadd...
Also, I tried to enable logging...my sshd_config file is in /usr/local/etc, but nonetheless, I made the necessary changes to that file and /etc/syslog.conf, then restarted the ssh daemon, but my ssh connections are not being logged...

Any other ideas??
 
What level of logging are you using in the sshd_conf file? And if you don't want to recompile the binaries, then you will need to either find someone who has packaged it up just the way you need it or run it from within inetsvc by configuring it into /etc/inetd.conf
 
I entered the information exactly as you wrote it in your post. loglevel is INFO.
what is the significance of local7??

Can I run that ./configure without risking errors with wrappers after I run that command??
 
One of the various loglevels should suit your needs.

The local7 is simply a way that syslog allows you to customize what is logged and where it is logged to. It can actually be anything from local0 through (I think) local9.

That way let's say you have one custom program and it logs to local3, and you want to monitor or capture that info in one file, while another of your custom programs may use local4, and it is set to log to a different file.

The various log levels are as follows:

LogLevel
Gives the verbosity level that is used when logging messages from sshd. The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. Logging with a DEBUG level violates the privacy of users and is not recommended.

Unless you downloaded the tarball (source) for ssh, you cannot run a configure. So unless you download and compile ssh, you will have to use ssh through inetd to use tcpwrappers. That can be configured by modifying the /etc/inetd.conf file.

Bryan
 
No luck...I'll keep doing some research and trying different things...
Thanks for your help.
 
For the logging: Did you kill -HUP the syslogd after the modifications to the configuration?

Dave
 