sshd double-logging
Corinna Vinschen
vinschen at redhat.com
Sun Feb 12 23:54:58 EST 2006
On Feb 12 12:08, Darren Tucker wrote:
> Hi all.
>
> As Corinna pointed out, there are some cases where sshd will log some
> authentications twice when privsep=yes.
>
> This can happen on any platform although it seems most obvious on the
> ones that don't do post-auth privsep. It also occurs when sshd logs
> to stderr (eg running under daemontools) or when you have a /dev/log in
> the privsep chroot.
>
> The patch below attempts to solve this for the general case. The idea
> is that everything is logged by the monitor, except for "postponed"
> authentications. (The monitor never knows about the "postponed"
> ones since the slave is just waiting for a response from the client.
> I don't think it's worth another monitor call to log those.)
Thanks for the patch, but... instead of two, I now have three messages
in the syslog:
Feb 12 13:51:19 cathi sshd: PID 3796: Failed none for corinna from 192.168.129.6 port 41585 ssh2
Feb 12 13:51:19 cathi sshd: PID 1692: Postponed publickey for corinna from 192.168.129.6 port 41585 ssh2
Feb 12 13:51:19 cathi sshd: PID 3796: Accepted publickey for corinna from 192.168.129.6 port 41585 ssh
This is identical with and without privsep.
Corinna
PS: I won't be able to test further patches until wednesday.
--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
More information about the openssh-unix-dev
mailing list