Logging the suggested algorithms of the client during key exchange

Darren Tucker dtucker at zip.com.au
Sun Jul 3 09:17:49 EST 2011


On Sat, Jul 2, 2011 at 4:45 PM,  <ssh at bunten.de> wrote:
> for a research project I am trying to log the algorithms suggested by the
> client during key exchange.
[...]
> Unfortunately, it does not log anything when run as a daemon. Only when run
> in debug ('-d' switch) I see the output. I used logit() in other parts to
> add logging and it works great.

The key exchange is conducted by the pre-auth privsep slave which is
chrooted (usually /var/empty), so unless you have a /dev/log inside
the chroot the messages won't make it to syslog.

djm has made some changes after the 5.8 releases that send log
messages via the monitor, so this won't be necessary in future
releases.

You can either tell your syslog to listen on /var/empty/dev/log too or
use a snapshot (http://www.mindrot.org/openssh_snap/).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
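
The first option above (a syslog socket inside the privsep chroot), as an added example that is not part of the original post or of OpenSSH: it reports whether <chroot>/dev/log exists as a socket and, if not, prints an rsyslog input line for it. Assumptions: the chroot is /var/empty unless a path is given, the syslog daemon is rsyslog with imuxsock already loaded, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not OpenSSH code. Function names are hypothetical.
# Usage: sh check_privsep_log.sh [chroot_dir]   (default: /var/empty)

# Print the state of <chroot>/dev/log: ok | not-socket | missing
privsep_log_status() {
    sock="$1/dev/log"
    if [ -S "$sock" ]; then
        echo ok                 # a socket (or symlink to one) is present
    elif [ -e "$sock" ] || [ -L "$sock" ]; then
        echo not-socket         # regular file, dangling symlink, etc.
    else
        echo missing
    fi
}

# Print an rsyslog input that adds a listening socket inside the chroot.
# Assumes imuxsock is already loaded in rsyslog.conf; CreatePath makes
# rsyslog create <chroot>/dev if it does not exist.
# (sysklogd and OpenBSD syslogd take "-a <path>" for the same purpose.)
rsyslog_input() {
    printf 'input(type="imuxsock" Socket="%s/dev/log" CreatePath="on")\n' "$1"
}

CHROOT="${1:-/var/empty}"
st=$(privsep_log_status "$CHROOT")
echo "$CHROOT/dev/log: $st"
if [ "$st" != ok ]; then
    echo "# add to an rsyslog config file, then restart rsyslog:"
    rsyslog_input "$CHROOT"
fi
```

sshd refuses to start if the chroot directory itself is not root-owned or is group/world-writable, so create the dev subdirectory as root and leave the modes of /var/empty unchanged.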


More information about the openssh-unix-dev mailing list