Multiple log entries for successful pubkey authentication
Darren Tucker
dtucker at zip.com.au
Thu Apr 7 21:49:06 EST 2005
Corinna Vinschen wrote:
> With OpenSSH 4.0 and the upcoming 4.1, I'm getting two entries in syslog
> when a pubkey authentication logon was successful:
>
> Apr 7 13:19:10 cathi sshd : PID 66116 : Accepted publickey for corinna from 192.168.129.6 port 40207 ssh2
> Apr 7 13:19:10 cathi sshd : PID 67060 : Accepted publickey for corinna from 192.168.129.6 port 40207 ssh2
>
> I found that this only happens when privilege separation is used. If I
> switch privilege separation off, I'm getting only one entry in the syslog.
I think that's because the auth_log is called twice: once in the monitor
and once in the slave. If that's the case you should find one log entry
was done as the user logging in and the other as the privileged user
running sshd.
> Bug? Feature?
Not sure :-)
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list