Re: How to have sshd log IP numbers instead of reverse lookups
I believe adding UseDNS no to sshd_config will do what you want. Thank you. I did see that in the man page, but didn't think it pertinent, as it doesn't mention logging. But it does indeed accomplish what I was after. Jim P.S. Very seasonally topical email address, btw. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to have sshd log IP numbers instead of reverse lookups
On 11/24/05, James Long [EMAIL PROTECTED] wrote: I was looking at /var/log/auth.log and saw an entry of the form: Nov 24 18:41:37 ns sshd[58083]: error: PAM: authentication error for username from example.com I wish to have an IP number logged where sshd has instead logged 'example.com' Reading sshd's man page and sshd_config's man page, I don't find any way to control this. Since 'example.com' could have multiple IP numbers, how can I change sshd's configuration to log the IP number from whence the authentication error originated? I believe adding UseDNS no to sshd_config will do what you want. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to have sshd log IP numbers instead of reverse lookups
On Sat, Nov 26, 2005 at 10:12:50AM -0500, Lowell Gilbert wrote: James Long [EMAIL PROTECTED] writes: I was looking at /var/log/auth.log and saw an entry of the form: Nov 24 18:41:37 ns sshd[58083]: error: PAM: authentication error for username from example.com I wish to have an IP number logged where sshd has instead logged 'example.com' Reading sshd's man page and sshd_config's man page, I don't find any way to control this. Since 'example.com' could have multiple IP numbers, how can I change sshd's configuration to log the IP number from whence the authentication error originated? If I recall correctly, those messages should be associated with other messages about the host connecting, which would include the IP address. My logs don't seem to support that. Here are consecutive lines from auth.log: Nov 24 17:13:05 ns sshd[72333]: error: PAM: authentication error for user from localhost Nov 24 17:13:06 ns last message repeated 2 times Nov 24 17:13:41 ns sshd[72340]: error: PAM: authentication error for user from 10.75.200.249 Nov 24 17:13:45 ns last message repeated 2 times Nov 24 18:41:37 ns sshd[58083]: error: PAM: authentication error for user from example.com Nov 24 18:41:39 ns last message repeated 2 times Nov 24 18:57:20 ns sshd[58148]: Accepted publickey for user from 10.75.200.249 port 52111 ssh2 Nov 24 18:58:12 ns sshd[58174]: Accepted publickey for user from 10.75.200.249 port 52612 ssh2 Nov 24 18:58:45 ns su: user to root on /dev/ttyp3 Here, localhost appears to come from my hosts file, as dig -x 127.0.0.1 returns a different result. example.com appears to come from reverse DNS, as there is no reference to example.com in my hosts file. 10.75.200.249 is an IP which does not have a PTR record and is not in my hosts file. Telnetting to the ssh port reveals this version string: SSH-2.0-OpenSSH_4.2p1 FreeBSD-20050903 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to have sshd log IP numbers instead of reverse lookups
James Long [EMAIL PROTECTED] writes: I was looking at /var/log/auth.log and saw an entry of the form: Nov 24 18:41:37 ns sshd[58083]: error: PAM: authentication error for username from example.com I wish to have an IP number logged where sshd has instead logged 'example.com' Reading sshd's man page and sshd_config's man page, I don't find any way to control this. Since 'example.com' could have multiple IP numbers, how can I change sshd's configuration to log the IP number from whence the authentication error originated? If I recall correctly, those messages should be associated with other messages about the host connecting, which would include the IP address. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How to have sshd log IP numbers instead of reverse lookups
I was looking at /var/log/auth.log and saw an entry of the form: Nov 24 18:41:37 ns sshd[58083]: error: PAM: authentication error for username from example.com I wish to have an IP number logged where sshd has instead logged 'example.com' Reading sshd's man page and sshd_config's man page, I don't find any way to control this. Since 'example.com' could have multiple IP numbers, how can I change sshd's configuration to log the IP number from whence the authentication error originated? Thanks! Jim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]