Minimize sshd log clutter/spam from unauthenticated connections

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Dear OpenSSH developers,

a publicly accessible sshd on port 22 generates a lot of log clutter from unauthenticated connections. For an exemplary host on a university network, sshd accumulates 5~20k log lines on a single day (more than 90% of the total amount of syslog lines). That is despite the host having a restricted configuration (no SSH password authentication, firewall rate limit for new SSH connections on /24 subnets permitting a few connections per hour, however with a shorter timeout). I'd expect even more log messages for a default configuration (password auth enabled and no firewall rate limit).

Would you be open to introducing a new config option to suppress any log messages from yet unauthenticated connections? If such a suggestion has been discussed before, please direct me to it. I haven't found anything in the archives.

Any log messages including successful authentication and afterwards are still desired, so changing the log level to above INFO will not help. Additionally, even unauthenticated connections cause messages with levels ERROR ("kex_exchange_identification: Connection closed by remote host") or even CRITICAL ("Timeout before authentication"). As I periodically scan my hosts' syslogs for messages with level WARNING or above, I currently have to filter these messages to keep my inbox from overflowing.

Thanks and best regards,

openssh-unix-dev mailing list

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux