[SOLVED] ZFS replication: Dont log (cluster) ssh logins

N

n0x0n

Member
Jan 20, 2022
35
3
13
I have ZFS replication setup in my cluster, and it replicates 18 LXCs and VMs. 4 are set to "every 15 minutes", the others only replicate once per day or even less frequently.
When a replication runs, sshd spams the journald logs (understandably so), see below. I'd never do this in prod, but on my homelab with CPU and memory constraints and an el-cheapo ssd: What's the best way so this doesn't get logged?
Code: 
May 09 00:45:05 pve sshd[3286023]: Accepted publickey for root from 10.10.1.21 port 60660 ssh2: RSA SHA256:TfelCHCtbHrpp3GLrya24wXdY5CxIqvynUtrDdej6OY
May 09 00:45:05 pve sshd[3286023]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
May 09 00:45:06 pve sshd[3286023]: pam_env(sshd:session): deprecated reading of user environment enabled
May 09 00:45:17 pve sshd[3286137]: Accepted publickey for root from 10.10.1.21 port 53332 ssh2: RSA SHA256:TfelCHCtbHrpp3GLrya24wXdY5CxIqvynUtrDdej6OY
May 09 00:45:17 pve sshd[3286137]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
May 09 00:45:17 pve sshd[3286137]: pam_env(sshd:session): deprecated reading of user environment enabled
May 09 00:45:18 pve sshd[3286184]: Accepted publickey for root from 10.10.1.21 port 53334 ssh2: RSA SHA256:TfelCHCtbHrpp3GLrya24wXdY5CxIqvynUtrDdej6OY
May 09 00:45:18 pve sshd[3286184]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
May 09 00:45:18 pve sshd[3286184]: pam_env(sshd:session): deprecated reading of user environment enabled
May 09 00:45:19 pve sshd[3286184]: Received disconnect from 10.10.1.21 port 53334:11: disconnected by user
May 09 00:45:19 pve sshd[3286184]: Disconnected from user root 10.10.1.21 port 53334
May 09 00:45:19 pve sshd[3286184]: pam_unix(sshd:session): session closed for user root
May 09 00:45:19 pve sshd[3286214]: Accepted publickey for root from 10.10.1.21 port 40780 ssh2: RSA SHA256:TfelCHCtbHrpp3GLrya24wXdY5CxIqvynUtrDdej6OY
May 09 00:45:19 pve sshd[3286214]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
May 09 00:45:19 pve sshd[3286214]: pam_env(sshd:session): deprecated reading of user environment enabled
May 09 00:45:20 pve sshd[3286214]: Received disconnect from 10.10.1.21 port 40780:11: disconnected by user
May 09 00:45:20 pve sshd[3286214]: Disconnected from user root 10.10.1.21 port 40780
May 09 00:45:20 pve sshd[3286214]: pam_unix(sshd:session): session closed for user root
May 09 00:45:21 pve sshd[3286226]: Accepted publickey for root from 10.10.1.21 port 40784 ssh2: RSA SHA256:TfelCHCtbHrpp3GLrya24wXdY5CxIqvynUtrDdej6OY
May 09 00:45:21 pve sshd[3286226]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
May 09 00:45:21 pve sshd[3286226]: pam_env(sshd:session): deprecated reading of user environment enabled
May 09 00:45:21 pve sshd[3286226]: Received disconnect from 10.10.1.21 port 40784:11: disconnected by user
May 09 00:45:21 pve sshd[3286226]: Disconnected from user root 10.10.1.21 port 40784
May 09 00:45:21 pve sshd[3286226]: pam_unix(sshd:session): session closed for user root
May 09 00:45:22 pve sshd[3286247]: Accepted publickey for root from 10.10.1.21 port 40796 ssh2: RSA SHA256:TfelCHCtbHrpp3GLrya24wXdY5CxIqvynUtrDdej6OY
May 09 00:45:22 pve sshd[3286247]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
May 09 00:45:22 pve sshd[3286247]: pam_env(sshd:session): deprecated reading of user environment enabled
May 09 00:45:22 pve sshd[3286247]: Received disconnect from 10.10.1.21 port 40796:11: disconnected by user
May 09 00:45:22 pve sshd[3286247]: Disconnected from user root 10.10.1.21 port 40796
May 09 00:45:22 pve sshd[3286247]: pam_unix(sshd:session): session closed for user root
May 09 00:45:23 pve sshd[3286276]: Accepted publickey for root from 10.10.1.21 port 40802 ssh2: RSA SHA256:TfelCHCtbHrpp3GLrya24wXdY5CxIqvynUtrDdej6OY
May 09 00:45:23 pve sshd[3286276]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
May 09 00:45:23 pve sshd[3286276]: pam_env(sshd:session): deprecated reading of user environment enabled
May 09 00:45:24 pve sshd[3286276]: Received disconnect from 10.10.1.21 port 40802:11: disconnected by user
May 09 00:45:24 pve sshd[3286276]: Disconnected from user root 10.10.1.21 port 40802
May 09 00:45:24 pve sshd[3286276]: pam_unix(sshd:session): session closed for user root
May 09 00:45:24 pve sshd[3286287]: Accepted publickey for root from 10.10.1.21 port 40808 ssh2: RSA SHA256:TfelCHCtbHrpp3GLrya24wXdY5CxIqvynUtrDdej6OY
May 09 00:45:24 pve sshd[3286287]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
May 09 00:45:24 pve sshd[3286287]: pam_env(sshd:session): deprecated reading of user environment enabled
May 09 00:45:25 pve sshd[3286287]: Received disconnect from 10.10.1.21 port 40808:11: disconnected by user
May 09 00:45:25 pve sshd[3286287]: Disconnected from user root 10.10.1.21 port 40808
May 09 00:45:25 pve sshd[3286287]: pam_unix(sshd:session): session closed for user root
May 09 00:45:25 pve sshd[3286310]: Accepted publickey for root from 10.10.1.21 port 40816 ssh2: RSA SHA256:TfelCHCtbHrpp3GLrya24wXdY5CxIqvynUtrDdej6OY
May 09 00:45:25 pve sshd[3286310]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
May 09 00:45:25 pve sshd[3286310]: pam_env(sshd:session): deprecated reading of user environment enabled
May 09 00:45:26 pve sshd[3286310]: Received disconnect from 10.10.1.21 port 40816:11: disconnected by user
May 09 00:45:26 pve sshd[3286310]: Disconnected from user root 10.10.1.21 port 40816
May 09 00:45:26 pve sshd[3286310]: pam_unix(sshd:session): session closed for user root
May 09 00:45:26 pve sshd[3286357]: Accepted publickey for root from 10.10.1.21 port 40828 ssh2: RSA SHA256:TfelCHCtbHrpp3GLrya24wXdY5CxIqvynUtrDdej6OY
May 09 00:45:26 pve sshd[3286357]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
May 09 00:45:26 pve sshd[3286357]: pam_env(sshd:session): deprecated reading of user environment enabled
May 09 00:45:27 pve sshd[3286357]: Received disconnect from 10.10.1.21 port 40828:11: disconnected by user
May 09 00:45:27 pve sshd[3286357]: Disconnected from user root 10.10.1.21 port 40828
May 09 00:45:27 pve sshd[3286357]: pam_unix(sshd:session): session closed for user root
May 09 00:45:35 pve sshd[3286399]: Accepted publickey for root from 10.10.1.21 port 57268 ssh2: RSA SHA256:TfelCHCtbHrpp3GLrya24wXdY5CxIqvynUtrDdej6OY
May 09 00:45:35 pve sshd[3286399]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
May 09 00:45:35 pve sshd[3286399]: pam_env(sshd:session): deprecated reading of user environment enabled
May 09 00:45:36 pve sshd[3286399]: Received disconnect from 10.10.1.21 port 57268:11: disconnected by user
May 09 00:45:36 pve sshd[3286399]: Disconnected from user root 10.10.1.21 port 57268
May 09 00:45:36 pve sshd[3286399]: pam_unix(sshd:session): session closed for user root
May 09 00:45:36 pve sshd[3286456]: Accepted publickey for root from 10.10.1.21 port 57272 ssh2: RSA SHA256:TfelCHCtbHrpp3GLrya24wXdY5CxIqvynUtrDdej6OY
May 09 00:45:36 pve sshd[3286456]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
May 09 00:45:36 pve sshd[3286456]: pam_env(sshd:session): deprecated reading of user environment enabled
May 09 00:45:37 pve sshd[3286456]: Received disconnect from 10.10.1.21 port 57272:11: disconnected by user
May 09 00:45:37 pve sshd[3286456]: Disconnected from user root 10.10.1.21 port 57272
May 09 00:45:37 pve sshd[3286456]: pam_unix(sshd:session): session closed for user root
 
This is entirely specific to sshd. You could adjust the LogLevel in /etc/ssh/sshd_config (see https://www.man7.org/linux/man-pages/man5/sshd_config.5.html) and/or LogVerbose, maybe.

But esp. with the former you'd suppress log messages for all logins, which is probably not want you really want in general.
 
You must log in or register to reply here.
Top Bottom