Logging sessions.

goudal at enseirb.fr goudal at enseirb.fr
Tue Mar 18 19:21:04 EST 2003


Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
--------


Hello,

I upgraded to the last openssh and I have found the followin problem :
it is not possible in the logs to match the end of a session with the begining.
In the previous versions, with no secure separation, the pid found in syslog 
could
do the job, but now the opening and closing processes are different.

I have done an horrible hack to get the info : I have added the print of the 
ppid
in the closing messages, as it appears that the closing process is the son of 
the
opening one. But it's juste an hack. I imagine that this modification does not 
add
a security problem.

Could it be possible to attache an id to each session so that it is possible 
to match
opening and closing event ? Or is there an hidden problem that I have not seen 
?

f.g.







More information about the openssh-unix-dev mailing list