Multiple log entries for successful pubkey authentication
Darren Tucker
dtucker at zip.com.au
Thu Apr 7 22:52:34 EST 2005
Corinna Vinschen wrote:
> On Apr 7 21:49, Darren Tucker wrote:
>>I think that's because the auth_log is called twice: once in the monitor
>>and once in the slave. If that's the case you should find one log entry
>>was done as the user logging in and the other as the privileged user
>>running sshd.
>
> Yeah, that's what happens. In the above log entries you see that the
> logs come from different PIDs. As I wrote in my previous mail, I'm
> still wondering if DISABLE_FD_PASSING is the cause. But the result
> should be identical to a root login on other OSes, see the first few
> lines in sshd.c, function privsep_postauth(). However, a root login
> on Linux does not result in multiple log entries, so that's not the
> whole explanation...
It does in debug mode:
debug1: ssh_rsa_verify: signature correct
Accepted publickey for root from ::ffff:127.0.0.1 port 40694 ssh2
debug1: monitor_child_preauth: root has been authenticated by privileged
process
Accepted publickey for root from ::ffff:127.0.0.1 port 40694 ssh2
The one from the privsep slave won't get logged in normal operations,
since it's chrooted to /var/empty and has no /dev/log to talk to syslogd.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list