Multiple log entries for successful pubkey authentication

Darren Tucker dtucker at zip.com.au
Thu Apr 7 21:49:06 EST 2005


Corinna Vinschen wrote:
> With OpenSSH 4.0 and the upcoming 4.1, I'm getting two entries in syslog
> when a pubkey authentication logon was successful:
> 
>   Apr  7 13:19:10 cathi sshd : PID 66116 : Accepted publickey for corinna from 192.168.129.6 port 40207 ssh2
>   Apr  7 13:19:10 cathi sshd : PID 67060 : Accepted publickey for corinna from 192.168.129.6 port 40207 ssh2
> 
> I found that this only happens when privilege separation is used.  If I
> switch privilege separation off, I'm getting only one entry in the syslog.

I think that's because the auth_log is called twice: once in the monitor 
and once in the slave.  If that's the case you should find one log entry 
was done as the user logging in and the other as the privileged user 
running sshd.

> Bug?  Feature?

Not sure :-)

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.




More information about the openssh-unix-dev mailing list