sshd double-logging
Darren Tucker
dtucker at zip.com.au
Mon Feb 13 06:37:07 EST 2006
On Sun, Feb 12, 2006 at 02:10:04PM +0100, Corinna Vinschen wrote:
> > Thanks for the patch, but... instead of two, I now have three messages
> > in the syslog:
> >
> > Feb 12 13:51:19 cathi sshd: PID 3796: Failed none for corinna from 192.168.129.6 port 41585 ssh2
> > Feb 12 13:51:19 cathi sshd: PID 1692: Postponed publickey for corinna from 192.168.129.6 port 41585 ssh2
> > Feb 12 13:51:19 cathi sshd: PID 3796: Accepted publickey for corinna from 192.168.129.6 port 41585 ssh
No, that's okay. There's 3 messages but they're different (no dupes).
If you comment out the line marked "XXX for testing only" then it should
behave as you are used to. (Normally, most failed auth attempts are
logged only with a severity of "verbose" until MaxAuthTries/2 attempts
have been made to cut down on the noise. I disabled that for the purposes
of testing.)
> > This is identical with and without privsep.
Excellent, that's the idea :-)
> ... and I get four log entries when no public key is available, so I guess
> the number of log entries now matches basically the number of authentication
> methods used:
>
> Feb 12 14:07:50 cathi sshd: PID 3264: Failed none for corinna from 192.168.129.6 port 42800 ssh2
> Feb 12 14:07:50 cathi sshd: PID 3264: Failed publickey for corinna from 192.168.129.6 port 42800 ssh2
> Feb 12 14:07:50 cathi sshd: PID 3264: Failed publickey for corinna from 192.168.129.6 port 42800 ssh2
> Feb 12 14:07:55 cathi sshd: PID 3264: Accepted password for corinna from 192.168.129.6 port 42800 ssh2
If you run the client with -vvv can you actually see it try 2 public keys?
That happens for me because I have 2 keys available (rsa and dsa).
Thanks.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list