
#1 2019-02-23 13:17:05

Harkonnen
Member
Registered: 2013-03-24
Posts: 20

Disable PAM logging for a specific user

I want to be able to disable all PAM logging for a specific user when logging in via SSHD for anonymity purposes. However, PAM logs login failures by default:

Feb 23 09:35:30 mymachine sshd[5606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=XXX.XXX.XXX.XXXX  user=foobar

I have tried to use pam_if_succeed.so to disable logging for user foobar, but without any success. The problem is that I cannot identify the part of the PAM stack where the failure is logged. I've followed the sshd -> system-remote-login -> system-login -> system-auth chain, but I am unable to discover which component is performing the logging of failures, or how to disable it.

Thanks in advance for your help.

Offline

#2 2019-02-23 16:06:34

seth
Member
Registered: 2012-09-03
Posts: 51,229

Re: Disable PAM logging for a specific user

The one that's in the message.

strings /usr/lib/security/pam_unix.so | grep authentication

Afaik you cannot suppress this message. Is this *really* because of anonymity (just don't fail) or because of attack spam?
Use/enforce public key authentication?

Online

#3 2019-02-23 16:41:41

Harkonnen
Member
Registered: 2013-03-24
Posts: 20

Re: Disable PAM logging for a specific user

I have to provide anonymous access to my machine for user foobar (i.e., I should not be able to know which IPs are trying to connect there). "Just don't fail" is good, but I guess accidents happen. Public key authentication would be a good solution, but is now out of the question for reasons difficult to explain without making this post longer than it should be.

In any case, thanks for the information. It is very useful.

Offline
