Enabling SSHD authentication logging via syslog on Solaris 8 and 9

This article provides the steps to enable authentication logging via syslog of the ssh daemin (sshd). This will enable ssh to log any login attempts (successful/unsuccessful) to a log file.

  1. Add the following entry to the /etc/syslog.conf file:
    auth.info    /var/adm/messages
    note: When editing /etc/syslog.conf, you must make sure you use tabs (not spaces) between the selector and actions
  2. Restart the syslog daemon
    # /etc/init.d/syslog stop
    # /etc/init.d/syslog start
  3. Edit /etc/ssh/sshd_config file to modify the following lines as required:
    # Maximum number of retries for authentication
    # Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2
    MaxAuthTries 6
    MaxAuthTriesLog 3
    Where:
    MaxAuthTries specifies the maximum number of authentication attempts permitted per connection
    MaxAuthTriesLog specifies the number of failures reached before a failure is logged
  4. Restart the sshd daemon
    # /etc/init.d/sshd stop
    # /etc/init.d/sshd start