| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 23 Sep 2011 04:51:23 -0500 From: Laurelai <laurelai@...echan.org> To: full-disclosure@...ts.grok.org.uk Subject: Re: sshd logins without a source On 9/23/2011 4:42 AM, paul.szabo@...ney.edu.au wrote: >> ... I can see in each servers sshd logs an entry like the following: >> Sep 22 12:57:14 test-vm sshd[25002]: pam_unix(sshd:session): session opened for user root by (uid=0) >> Sep 22 12:57:32 test-vm sshd[25002]: pam_unix(sshd:session): session closed for user root >> ... seems odd that there is no IP address corresponding with the >> login, I can't seem to reproduce that on my test servers. > I do not think that sshd normally logs its source. What do you mean that > you cannot reproduce? - To produce the desired log, I added to > /etc/hosts.allow the line > sshd : all : spawn /usr/bin/logger -t"%d[%p]" "Connection source %h port %r" > > Cheers, Paul > > Paul Szabo psz@...hs.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ > School of Mathematics and Statistics University of Sydney Australia > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ Don't most modern Linux distros log sshd by default? If for whatever reason yours doesn't you can set the log level in the sshd config. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists