
[SOLVED] sshd logs

Posted: Feb 17th, '14, 19:59
by albahtaar
Hello everyone,

Fresh install this morning, everything runs fine enough.
Two (maybe noobish) comments though:
* I find it quite alarming to find PermitRootLogin option set to WithoutPassword by default, even though sshd needs to be authorized in the firewall settings.
* Where are the sshd logs if not in /var/log/secure (which is empty)? Does the firewall redirect it to somewhere safer?

Regards

Re: sshd logs

Posted: Feb 17th, '14, 21:10
by doktor5000
albahtaar wrote:* I find it quite alarming to find PermitRootLogin option set to WithoutPassword by default, even though sshd needs to be authorized in the firewall settings.

How are sshd configuration details, and firewall rules related?
But anyways, just try to login via ssh root@127.0.0.1 - it will not log you in with your password.

albahtaar wrote:* Where are the sshd logs if not in /var/log/secure (which is empty) ? Does the firewall redirect it to somewhere safer?

Again, what does firewall have to do with the logs? Seems you're confusing things here.


Logs are getting written to the journal, you can query them via e.g. for all log entries for this boot
Code:
journalctl -a -b -u sshd

You may need to add your user to the group if you don't want to get root to query the logs: https://wiki.mageia.org/en/Mageia_4_Errata#journalctl

Re: sshd logs

Posted: Feb 18th, '14, 12:25
by albahtaar
doktor5000 wrote:How are sshd configuration details, and firewall rules related?


I am not saying they are related, just that firewall's default ssh blocking rule would not make it a security hole right after install.

doktor5000 wrote:But anyways, just try to login via ssh root@127.0.0.1 - it will not log you in with your password.


Ok, I get it now, thanks to http://h30499.www3.hp.com/t5/Secure-OS- ... wMykPFb9hE
I thought that without-password was enabling root login without any sort of authentication. I agree it is a naive view on my part, but to a paranoid mind, the sshd man page was not that reassuringly clear.

doktor5000 wrote:Logs are getting written to the journal, you can query them via e.g. for all log entries for this boot
Code:
journalctl -a -b -u sshd

You may need to add your user to the group if you don't want to get root to query the logs: https://wiki.mageia.org/en/Mageia_4_Errata#journalctl


Thanks for pointing that to me, I'll have a look into it.
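
Added example, not part of the original thread or of Mageia's tooling: a small shell check that reads an sshd_config file and spells out what its global PermitRootLogin value permits, including the without-password case discussed above. The function names and the sample file are constructed for illustration; it assumes unquoted values.

```shell
#!/bin/sh
# Print the global PermitRootLogin value from the sshd_config file in $1.
# sshd uses the FIRST occurrence of a keyword, keywords are case-insensitive,
# and settings after a Match line are conditional, so parsing stops there.
root_login_value() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # tolerate "Key=value"
        /^#/ || /^$/ { next }                              # comments, blank lines
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Translate the value into what it means for a root login attempt.
explain_root_login() {
    case "$(root_login_value "$1")" in
        yes)
            echo "root may log in with any enabled method, passwords included" ;;
        without-password|prohibit-password)
            echo "password and keyboard-interactive logins are disabled for root; public-key login still works" ;;
        forced-commands-only)
            echo "root may log in with a key only when a forced command is set" ;;
        no)
            echo "root may not log in over ssh" ;;
        unset)
            echo "not set globally; the compiled-in default of this sshd applies" ;;
        *)
            echo "unrecognised value" ;;
    esac
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
Port 22
  permitrootlogin without-password
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin no
EOF
explain_root_login "$sample"
rm -f "$sample"
```

On a live system, running `sshd -T` as root prints the effective configuration, which also accounts for compiled-in defaults.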

Re: sshd logs

Posted: Feb 18th, '14, 20:58
by doktor5000
Please mark the thread accordingly by editing the topic of the first post and prefix it by [SOLVED], thanks