Enabling SSHD authentication logging via syslog on Solaris 10

This article provides the steps to enable authentication logging via syslog of the ssh daemin (sshd). This will enable ssh to log any login attempts (successful/unsuccessful) to a log file.

  1. Add the following entry to the /etc/syslog.conf file:
    auth.info    /var/adm/messages
    note: When editing /etc/syslog.conf, you must make sure you use tabs (not spaces) between the selector and actions
  2. Restart the syslog daemon
    # svcadm restart svc:/system/system-log:default
  3. Edit /etc/ssh/sshd_config file to modify the following lines as required:
    # Maximum number of retries for authentication
    # Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2
    MaxAuthTries 6
    MaxAuthTriesLog 3
    MaxAuthTries specifies the maximum number of authentication attempts permitted per connection
    MaxAuthTriesLog specifies the number of failures reached before a failure is logged
  4. Restart the sshd daemon
    # svcadm restart svc:/network/ssh:default