Printable View
How do I turn off the feature that prints all openssh errors to the screen?
I'm getting a lot of openssh attacks, but when they happen I can't block
the IP because there are too many errors scrolling by.
--
To contact me via email, substitute
'aaronc' for 'spam' in my address.
[url]http://www.towerdata.com[/url]
On 2005-10-24, Aaron Couts <spam@couts.org> wrote:[color=blue]
> How do I turn off the feature that prints all openssh errors to the screen?
> I'm getting a lot of openssh attacks, but when they happen I can't block
> the IP because there are too many errors scrolling by.[/color]
I'm using OpenBSD 3.4.
--
To contact me via email, substitute
'aaronc' for 'spam' in my address.
[url]http://www.towerdata.com[/url]
Aaron Couts wrote:[color=blue]
> On 2005-10-24, Aaron Couts <spam@couts.org> wrote:
>[color=green]
>>How do I turn off the feature that prints all openssh errors to the screen?
>>I'm getting a lot of openssh attacks, but when they happen I can't block
>>the IP because there are too many errors scrolling by.[/color]
>
>
> I'm using OpenBSD 3.4.
>[/color]
I suggest looking in /etc/syslog.conf.
I think you could potentially add a line like this
!sshd
*.* /var/log/sshlog
and I think that will redirect all sshd syslog messages to whatever file
you choose.
Of course, if console messages give you the ****s, you could redirect
all the /dev/console destinations to somewhere else.
Ben
On 2005-10-24, Ben O <ftoomch@hotmail.com> wrote:[color=blue]
> Aaron Couts wrote:[color=green]
>> On 2005-10-24, Aaron Couts <spam@couts.org> wrote:
>>[color=darkred]
>>>How do I turn off the feature that prints all openssh errors to the screen?
>>>I'm getting a lot of openssh attacks, but when they happen I can't block
>>>the IP because there are too many errors scrolling by.[/color]
>> I'm using OpenBSD 3.4.[/color][/color]
[color=blue]
> I suggest looking in /etc/syslog.conf.[/color]
I'll try that, thanks.
--
To contact me via email, substitute
'aaronc' for 'spam' in my address.
[url]http://www.towerdata.com[/url]
In article <slrndlqm92.h8l.spam@waimea.local>, [email]spam@couts.org[/email] wrote:[color=blue]
>On 2005-10-24, Ben O <ftoomch@hotmail.com> wrote:[color=green]
>> Aaron Couts wrote:[color=darkred]
>>> On 2005-10-24, Aaron Couts <spam@couts.org> wrote:
>>>
>>>>How do I turn off the feature that prints all openssh errors to the screen?
>>>>I'm getting a lot of openssh attacks, but when they happen I can't block
>>>>the IP because there are too many errors scrolling by.
>>> I'm using OpenBSD 3.4.[/color][/color][/color]
[color=blue][color=green]
>> I suggest looking in /etc/syslog.conf.[/color][/color]
[color=blue]
>I'll try that, thanks.[/color]
Question number one, what are you logged in as root to the console for?
That's the only way I get stuff like that. Log in as somebody else and
su.
Also, did you look at /etc/ssh/sshd_config?
And, assuming you added your own personl login to teh right groups,
check out /var/log/authlog and search for sshd. I just do cat
/var/log/authlog | grep sshd | less to get just the needed lines and
then add another IP to the list in pf.conf and do pf -d ; pfctl -e to
restart it without flushi NAT stuff and the like. (I'm not suphisticated
enough to use the in-memory tables for pf.)