
Master rsyslog & OpenSSH: Step‑by‑Step Server Logging and Secure Access

This guide walks you through configuring rsyslog for centralized log collection, distinguishing syslog and klog processes, and setting up OpenSSH with host keys and password‑less RSA authentication, including practical command examples and essential rsyslog and SSH options.

Raymond Ops

Log Management

Both syslogd (user‑space logs) and klogd (kernel logs) run as separate processes.

# ps aux | grep syslogd
root     1194  0.0  0.2 218472 5768 ?   Ssl  16:37   0:00 /usr/sbin/rsyslogd -n
root     1355  0.0  0.0 12108 1088 pts/0 S+   16:48   0:00 grep --color=auto syslogd
# ps aux | grep klogd
root     1362  0.0  0.0 12108 1080 pts/0 S+   16:51   0:00 grep --color=auto klogd

To configure an rsyslog server, clone a VM (full clone) and assign static IPs:

Client (lnh): 192.168.222.250

Server (xbz): 192.168.222.251

Edit /etc/rsyslog.conf on the client to enable remote forwarding, then restart the service:

# systemctl restart rsyslog.service

On the server, uncomment the four lines that enable remote reception, then restart rsyslog and temporarily disable the firewall and SELinux enforcement:

# systemctl restart rsyslog.service
# systemctl stop firewalld.service
# setenforce 0

Verify that the server is listening on port 514/UDP and that logs appear with tail -f /var/log/secure.

[Screenshot: rsyslog configuration]
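
The forwarding rule and the four reception lines mentioned above are not reproduced in the text, so the following is an added example and not the author's configuration. It embeds constructed fragments in the style of a stock RHEL-family /etc/rsyslog.conf for this lab's addresses, plus a hypothetical helper, audit_rsyslog, that lists the active listeners and forwarding rules with their transport. UDP forwarding is an assumption, based on the 514/UDP check in the text.

```sh
#!/bin/sh
# Added example, not from the original article. All fragments are constructed.

# Server (192.168.222.251): the four reception lines, uncommented.
server_conf() {
cat <<'EOF'
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")
EOF
}

# Client (192.168.222.250): legacy forwarding rule; "@" is UDP, "@@" is TCP.
# UDP is assumed because the article checks for 514/UDP on the server.
client_conf() {
cat <<'EOF'
#*.* @@remote-host:514
*.* @192.168.222.251:514
EOF
}

# audit_rsyslog (hypothetical helper): reads a config on stdin and prints
# "listen <proto> <port>" per active input and "forward <proto> <target>"
# per active legacy forwarding rule. Commented-out lines are ignored.
audit_rsyslog() {
  sed -e 's/#.*//' | awk '
    /input\(type="im(udp|tcp)"/ {
      proto = ($0 ~ /imudp/) ? "udp" : "tcp"
      port = $0; sub(/.*port="/, "", port); sub(/".*/, "", port)
      print "listen", proto, port
    }
    $2 ~ /^@/ {
      proto = ($2 ~ /^@@/) ? "tcp" : "udp"
      target = $2; sub(/^@+/, "", target)
      print "forward", proto, target
    }'
}

echo "server:"; server_conf | audit_rsyslog
echo "client:"; client_conf | audit_rsyslog
```

Run it against a live host as audit_rsyslog < /etc/rsyslog.conf. On the server, firewall-cmd --permanent --add-port=514/udp followed by firewall-cmd --reload opens only the syslog port and is a narrower alternative to stopping firewalld.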

OpenSSH

Client (lnh) IP: 192.168.222.250, Server (xbz) IP: 192.168.222.251.

Basic SSH connection example:

# ssh <user>@192.168.222.251
The authenticity of host '192.168.222.251 (192.168.222.251)' can't be established.
ECDSA key fingerprint is SHA256:y11UDaNXs3AnvVUnZQfAim2VHAplF09YOvQp2NemHyk.
Are you sure you want to continue connecting (yes/no/[fingerprint])? y
Warning: Permanently added '192.168.222.251' (ECDSA) to the list of known hosts.
<user>@192.168.222.251's password:

Host keys are stored in /etc/ssh/ssh_host_*_key* on the server. Example of a public host key entry in ~/.ssh/known_hosts:

192.168.222.251 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKh5FAHxXc6ck4NXY9q32oHHoZrK1+aMTpEo6smApoMbBUfvSd9YxtlRhd9TdPy8qfPwBg6ZdRkEFeRxlIzaSh8=

Generating SSH Key Pairs

On the client:

# ssh-keygen -t rsa
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.

Copy the public key to the server:

# ssh-copy-id <user>@192.168.222.251
Number of key(s) added: 1

After the key is installed, password‑less login works:

# ssh <user>@192.168.222.251
Last login: Tue Jul 19 17:05:36 2022 from 192.168.222.1

Repeat the key generation and ssh-copy-id on the server if you also need password‑less access in the reverse direction, from the server to the client.

Common SCP Options

-r – recursive copy
-p – preserve file attributes
-P – specify remote port
-q – quiet mode
-a – archive mode (equivalent to -rp)
