[Bug 2082] Please add pubkey fingerprint to authentication log message

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Apr 13 00:04:54 EST 2013


https://bugzilla.mindrot.org/show_bug.cgi?id=2082

Gabor K Horvath <gahorvath at npsh.hu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gahorvath at npsh.hu

--- Comment #3 from Gabor K Horvath <gahorvath at npsh.hu> ---
(In reply to comment #2)
> It's a bit awkward to have to parse multiple lines including keeping
> context (the pid) to see if a user possible logged in or not :/ (and
> most scripts just do it wrong).

I have to agree.

The fact that it's a multi line log entry makes it more difficult to
parse. This is a concern for everyone doing log analysis (with a SIEM
for example).
If I turn on the verbose option, I break the existing parsers for
openSSH logs. All those are usually single line events. This is a
multi-line event.
Besides using the verbose option makes sshd a lot more chatty, having
the key fingerprint on the log in line would be a lot nicer.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list