How to enable authentication logging via syslog of SSHD daemon
1. To log ssh authentication to the messages file, add the following entry to the /etc/syslog.conf file:
auth.info /var/adm/messages
NOTE: When editing /etc/syslog.conf, you must use tabs (not spaces) between the selector and action.
2. Restart the syslog daemon:
In Solaris 10 and above:
# svcadm restart svc:/system/system-log:default
In Solaris 9 and below:
# /etc/init.d/syslog stop # /etc/init.d/syslog start
3. Edit the /etc/ssh/sshd_config file. Modify the following lines as desired:
# Maximum number of retries for authentication # Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2 MaxAuthTries 6 MaxAuthTriesLog 3
Here,
MaxAuthTries – specifies the maximum number of authentication attempts permitted per connection.
MaxAuthTriesLog – specifies the number of failures reached before a failure is logged.
4. Restart the sshd daemon
In Solaris 10 and above:
# svcadm restart svc:/network/ssh:default
In Solaris 9 and below:
# /etc/init.d/sshd stop # /etc/init.d/sshd start