Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[solved] Where is the sshd log ?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Basaltman
n00b
n00b


Joined: 13 Feb 2014
Posts: 18

PostPosted: Thu Feb 13, 2014 12:54 pm    Post subject: [solved] Where is the sshd log ? Reply with quote

Hello,

I'm new to Gentoo and just installed Gentoo 11. I intend to upgrade to a newer version as soon as I can.
I have trouble configuring sshd to accept logging in with ssh keys so I'd like to see what's wrong in the log.
But where is the sshd log?
I don't have a /var/log/message file.

Thanks for your help.


Last edited by Basaltman on Thu Feb 13, 2014 4:30 pm; edited 1 time in total
Back to top
View user's profile Send private message
smerf
l33t
l33t


Joined: 06 Nov 2004
Posts: 778
Location: Polska

PostPosted: Thu Feb 13, 2014 1:17 pm    Post subject: Reply with quote

Have you changed SSH configuration?

Which system logger have you installed (syslog-ng, ...)?
_________________
Microsoft is not the answer, Microsoft is the question, the answer is no.
Back to top
View user's profile Send private message
Basaltman
n00b
n00b


Joined: 13 Feb 2014
Posts: 18

PostPosted: Thu Feb 13, 2014 1:49 pm    Post subject: Reply with quote

Thanks for your reply.
Not it's a fresh install. Here's my sshd_config file.

Code:
#   $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Ciphers and keying
#RekeyLimit default none

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
#AuthorizedKeysFile   .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
PrintMotd no
PrintLastLog no
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox      # Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem   sftp   /usr/lib64/misc/sftp-server

# the following are HPN related configuration options
# tcp receive buffer polling. disable in non autotuning kernels
#TcpRcvBufPoll yes
 
# disable hpn performance boosts
#HPNDisabled no

# buffer size for hpn to non-hpn connections
#HPNBufferSize 2048


# allow the use of the none cipher
#NoneEnabled no

# Example of overriding settings on a per-user basis
#Match User anoncvs
#   X11Forwarding no
#   AllowTcpForwarding no
#   ForceCommand cvs server

# Allow client to pass locale environment variables #367017
AcceptEnv LANG LC_*


I tried uncommenting the

Code:

#SyslogFacility AUTH
#LogLevel INFO
lines

and restarting sshd but this makes no difference as far as I can tell. I stillI can't find where sshd logs its stuff.
Back to top
View user's profile Send private message
cwr
Veteran
Veteran


Joined: 17 Dec 2005
Posts: 1969

PostPosted: Thu Feb 13, 2014 2:23 pm    Post subject: Reply with quote

Well, your sshd_config has logging turned off, as far as I can tell. Mine has:
Code:

# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel DEBUG

and seems to log to /var/log/messages. OTOH I've got sshd messages
redirected to syslog-ng, and it's a while since I set it up, so I'm not clear
as to the default configuration.

Will
Back to top
View user's profile Send private message
Basaltman
n00b
n00b


Joined: 13 Feb 2014
Posts: 18

PostPosted: Thu Feb 13, 2014 3:10 pm    Post subject: Reply with quote

smerf wrote:
Have you changed SSH configuration?

Which system logger have you installed (syslog-ng, ...)?


Oh now I think I understand. I need to install a system logger. I thought there would be one already installed.
Any advice on which one would work best? I need something compatible with fail2ban but I guess they all are?
Back to top
View user's profile Send private message
Basaltman
n00b
n00b


Joined: 13 Feb 2014
Posts: 18

PostPosted: Thu Feb 13, 2014 4:02 pm    Post subject: Reply with quote

I installed syslog-ng using emerge and now I can see sshd logs in /var/log/messages
Thanks smerf!

I immediately identified why I couldn't log in with ssh using the account I had created. The account didn't exist! I thought it had been created but actually useradd had failed because the username started with an uppercase letter (not allowed).
Back to top
View user's profile Send private message
smerf
l33t
l33t


Joined: 06 Nov 2004
Posts: 778
Location: Polska

PostPosted: Thu Feb 13, 2014 7:38 pm    Post subject: Reply with quote

BTW: https://forums.gentoo.org/viewtopic.php?t=17169
_________________
Microsoft is not the answer, Microsoft is the question, the answer is no.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum