上QQ阅读APP看书，第一时间看更新

Changing the daemon logging level

There are several levels that SSH can log at, dictated by the LogLevel setting:

# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

The possibilities are QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.

The SSH daemon manual lists the DEBUG options as all violating the privacy of users, and therefore it is not recommended that you use them.

We're going to bump this up to VERBOSE:

# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
LogLevel VERBOSE

Restart the SSH daemon:

[vagrant@centos2 ~]$ sudo systemctl restart sshd

Now, let's have a look at what difference that made.

Here's our secure log at INFO level:

[vagrant@centos2 ~]$ sudo grep "1137" /var/log/secure
Aug  7 16:40:44 localhost sshd[1137]: Accepted publickey for vagrant from 10.0.2.2 port 53114 ssh2: RSA SHA256:1M4RzhMyWuFS/86uPY/ce2prh/dVTHW7iD2RhpquOZA
Aug  7 16:40:45 localhost sshd[1137]: pam_unix(sshd:session): session opened for user vagrant by (uid=0)

And here's our secure log at VERBOSE level:

[vagrant@centos2 ~]$ sudo grep "5796" /var/log/secure
Aug  8 15:00:00 localhost sshd[5796]: Connection from 192.168.33.10 port 39258 on 192.168.33.11 port 2222
Aug  8 15:00:00 localhost sshd[5796]: Postponed publickey for vagrant from 192.168.33.10 port 39258 ssh2 [preauth]
Aug  8 15:00:02 localhost sshd[5796]: Accepted publickey for vagrant from 192.168.33.10 port 39258 ssh2: ED25519 SHA256:nQVR7ZVJMjph093KHB6qLg9Ve87PF4fNnFw8Y5X0kN4
Aug  8 15:00:03 localhost sshd[5796]: pam_unix(sshd:session): session opened for user vagrant by (uid=0)
Aug  8 15:00:03 localhost sshd[5796]: User child is on pid 5799