Logging Port Forwards

Peter Kwangjun Suk suk at pobox.com
Fri Oct 5 20:38:00 EST 2001


We're using OpenSSH to let our customers set up encrypted port forwarding
tunnels so that we can do support by VNC-ing to their desktops.  We've set
up "session" accounts that have completely restricted shells and randomly
generated passwords which change themselves with every log-in.  

To complete the security for this set-up we'd like sshd to keep a log of
the port forwards.  It appears that the port forwards are logged in DEBUG
mode, but of course this is not acceptable for normal running.  I think
that I know where we would modify the code, but I would like to confirm

line 1850 of channels.c:

	debug("Local forwarding listening on %s port %s.", ntop, strport);

Also, add something to line 1924.  Am I on the right track, or is this
actually the ssh client side of things?  

I also would like a pointer to logging -- where does the normal logging
for logins happen?


Peter Kwangjun Suk
suk at pobox.com

More information about the openssh-unix-dev mailing list