sshd double-logging

Corinna Vinschen vinschen at redhat.com
Mon Feb 13 00:10:04 EST 2006


On Feb 12 13:54, Corinna Vinschen wrote:
> On Feb 12 12:08, Darren Tucker wrote:
> > Hi all.
> > 
> > As Corinna pointed out, there are some cases where sshd will log some
> > authentications twice when privsep=yes.
> > 
> > This can happen on any platform although it seems most obvious on the
> > ones that don't do post-auth privsep.  It also occurs when sshd logs
> > to stderr (e.g. running under daemontools) or when you have a /dev/log in
> > the privsep chroot.
> > 
> > The patch below attempts to solve this for the general case.  The idea
> > is that everything is logged by the monitor, except for "postponed"
> > authentications.  (The monitor never knows about the "postponed"
> > ones since the slave is just waiting for a response from the client.
> > I don't think it's worth another monitor call to log those.)
> 
> Thanks for the patch, but...  instead of two, I now have three messages
> in the syslog:
> 
> Feb 12 13:51:19 cathi sshd: PID 3796: Failed none for corinna from 192.168.129.6 port 41585 ssh2 
> Feb 12 13:51:19 cathi sshd: PID 1692: Postponed publickey for corinna from 192.168.129.6 port 41585 ssh2 
> Feb 12 13:51:19 cathi sshd: PID 3796: Accepted publickey for corinna from 192.168.129.6 port 41585 ssh
> 
> This is identical with and without privsep.

... and I get four log entries when no public key is available, so I guess
the number of log entries now matches basically the number of authentication
methods used:

Feb 12 14:07:50 cathi sshd: PID 3264: Failed none for corinna from 192.168.129.6 port 42800 ssh2 
Feb 12 14:07:50 cathi sshd: PID 3264: Failed publickey for corinna from 192.168.129.6 port 42800 ssh2 
Feb 12 14:07:50 cathi sshd: PID 3264: Failed publickey for corinna from 192.168.129.6 port 42800 ssh2 
Feb 12 14:07:55 cathi sshd: PID 3264: Accepted password for corinna from 192.168.129.6 port 42800 ssh2


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
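
The following is an added example, not code from this thread or from OpenSSH: a log-analysis sketch that groups entries in the syslog format quoted above per connection, so double-logged events do not inflate failure counts. It assumes that the same event reported by a second PID is a double entry, and the last line of the first sample connection is constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the syslog format quoted in this message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd: PID (?P<pid>\d+): "
    r"(?P<status>Accepted|Failed|Postponed) (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

def summarize(lines):
    """Group auth lines per connection, keyed by (user, source ip, source port)."""
    conns = defaultdict(lambda: {"pids": set(), "events": [], "dupes": 0})
    first_pid = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (m["user"], m["ip"], int(m["port"]))
        event = (m["ts"], m["status"], m["method"])
        pid = int(m["pid"])
        conns[key]["pids"].add(pid)
        # Assumption: the same event from a second PID is a double log entry,
        # while a repeat from the same PID is a separate attempt.
        if first_pid.setdefault((key, event), pid) != pid:
            conns[key]["dupes"] += 1
            continue
        conns[key]["events"].append((m["status"], m["method"]))
    return dict(conns)

def failed_attempts(conn):
    """Failed attempts, ignoring the "none" request clients send to list methods."""
    return sum(1 for s, meth in conn["events"] if s == "Failed" and meth != "none")

SAMPLE = [
    "Feb 12 13:51:19 cathi sshd: PID 3796: Failed none for corinna from 192.168.129.6 port 41585 ssh2",
    "Feb 12 13:51:19 cathi sshd: PID 1692: Postponed publickey for corinna from 192.168.129.6 port 41585 ssh2",
    "Feb 12 13:51:19 cathi sshd: PID 3796: Accepted publickey for corinna from 192.168.129.6 port 41585 ssh",
    # Constructed line: the same acceptance reported again by the other process.
    "Feb 12 13:51:19 cathi sshd: PID 1692: Accepted publickey for corinna from 192.168.129.6 port 41585 ssh2",
    "Feb 12 14:07:50 cathi sshd: PID 3264: Failed none for corinna from 192.168.129.6 port 42800 ssh2",
    "Feb 12 14:07:50 cathi sshd: PID 3264: Failed publickey for corinna from 192.168.129.6 port 42800 ssh2",
    "Feb 12 14:07:50 cathi sshd: PID 3264: Failed publickey for corinna from 192.168.129.6 port 42800 ssh2",
    "Feb 12 14:07:55 cathi sshd: PID 3264: Accepted password for corinna from 192.168.129.6 port 42800 ssh2",
]
```

A connection whose `pids` set holds more than one PID is one where two sshd processes wrote log entries for the same session.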




More information about the openssh-unix-dev mailing list