Enabling SSHD authentication logging via syslog on Solaris 8 and 9
This article provides the steps to enable authentication logging via syslog of the ssh daemin (sshd). This will enable ssh to log any login attempts (successful/unsuccessful) to a log file.
- Add the following entry to the /etc/syslog.conf file:
auth.info /var/adm/messages
note: When editing /etc/syslog.conf, you must make sure you use tabs (not spaces) between the selector and actions - Restart the syslog daemon
# /etc/init.d/syslog stop # /etc/init.d/syslog start
- Edit /etc/ssh/sshd_config file to modify the following lines as required:
# Maximum number of retries for authentication # Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2 MaxAuthTries 6 MaxAuthTriesLog 3
Where:MaxAuthTries specifies the maximum number of authentication attempts permitted per connection MaxAuthTriesLog specifies the number of failures reached before a failure is logged - Restart the sshd daemon
# /etc/init.d/sshd stop # /etc/init.d/sshd start