Enabling SSHD authentication logging via syslog on Solaris 10

Published 01 Sep 2014 Read time 42 sec(s) (2495 views). Solaris

This article provides the steps to enable authentication logging via syslog of the ssh daemin (sshd). This will enable ssh to log any login attempts (successful/unsuccessful) to a log file.

Add the following entry to the /etc/syslog.conf file:
```
auth.info    /var/adm/messages
```
note: When editing /etc/syslog.conf, you must make sure you use tabs (not spaces) between the selector and actions

Restart the syslog daemon

# svcadm restart svc:/system/system-log:default

Edit /etc/ssh/sshd_config file to modify the following lines as required:
```
# Maximum number of retries for authentication
# Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2
MaxAuthTries 6
MaxAuthTriesLog 3
```
Where:

MaxAuthTries specifies the maximum number of authentication attempts permitted per connection

MaxAuthTriesLog specifies the number of failures reached before a failure is logged

Restart the sshd daemon

# svcadm restart svc:/network/ssh:default

MaxAuthTries	specifies the maximum number of authentication attempts permitted per connection
MaxAuthTriesLog	specifies the number of failures reached before a failure is logged