Hacker News new | ask | show | jobs
by zAy0LfpBZLC8mAC 2970 days ago
Except actual attacks don't show up in logs anyway, so it's still pointless?

The SSH daemon logs when it successfully rejects an access. A successfully rejected access is inconsequential to your security. If you are using secure passwords or pubkey authentication, it will never log a successful login by an attacker. What remains then is exploitation of the SSH server ... but the SSH server doesn't have a code path that logs "I have been exploited".
1 comments
A2017U1 2969 days ago
/etc/sshrc executes before a successful ssh login, you can use that to be notified before an attacker has any access to log files
link
zAy0LfpBZLC8mAC 2969 days ago
... so? How does that contradict what I wrote?
link