Wednesday, August 25, 2010

how to disable sshd authentication log

Platform:
  • grml 2010.04 Release Codename Grmlmonster [2010.04.29] (debian based)
I don't want the system to log when I ssh to it.  Normally, when I ssh to the server, there will be authentication logs get logged to:

/var/log/auth.log

Below is the sample logs when I logged on via ssh:

Aug 23 11:21:01 grmllinuxrocks sshd[18155]: pam_sm_authenticate: Called
Aug 23 11:21:01 grmllinuxrocks sshd[18155]: pam_sm_authenticate: username = [grml]
Aug 23 11:21:01 grmllinuxrocks sshd[18155]: Accepted password for grml from 192.168.1.139 port 1074 ssh2

which I want to get rid of.

In order to get rid of this authentication log, you have to edit this file:

/etc/rsyslog.conf

Open it and look for the lines:

auth,authpriv.*          /var/log/auth.log
*.*;auth,authpriv.none   -/var/log/syslog

And change them to:

auth,authpriv.*          /dev/null
*.*;auth,authpriv.none   -/dev/null

And that's it.  Enjoy your anonymity.

0 comments:

Post a Comment