Thanks to all who took the time to reply. In the end I went the pf table route. The box is still logging both successful and failed logins but the number of log entries has decreased drastically.
Regards,
p

On Tue, Apr 13, 2010 at 3:33 PM, Ahlsen-Girard, Edward F CTR USAF AFSOC AFSOC/A6OK <[email protected]> wrote:
>
> Robert C Wittig wrote (2010-04-13 9:53:03):
> >
> > Peter HEINER wrote:
> > > Hi all,
> > >
> > > I have a home router with 4.6/i386 installed on a 512 MB CF card.
> > > As both disk space and RAM are scarce, I want to minimize logging.
> > > As I don't usually have other machines running, remote logging is not
> > > really a workable solution.
> > >
> > > I'm not that interested in seeing the nth failed SSH login attempt,
> > > but I would like to be able to monitor successful logins to the router.
> > >
> >
> >
> > I use PF rules to control who can log into ssh on my web/mail server.
> >
> > Since I'm the only one who has any business trying to log in via ssh,
> > I'm the only one authorised to log in.
> >
> > The only unsuccessful logins showing up in my ssh log will be those
> > times I type my own login incorrectly.
> >
>
> As I see accumulating failed login attempts I also block the addresses
> and sometimes the ranges. It's not likely they'll succeed with password
> logins disabled, but why be the guy who finds out the hard way that it
> really CAN be done?
>
> --
> Ed Ahlsen-Girard

