Logging the suggested algorithms of the client during key exchange

Damien Miller djm at mindrot.org
Sun Jul 3 17:58:01 EST 2011


On Sun, 3 Jul 2011, Darren Tucker wrote:

> On Sat, Jul 2, 2011 at 4:45 PM,  <ssh at bunten.de> wrote:
> > for a research project I am trying to log the algorithms suggested by the
> > client during key exchange.
> [...]
> > Unfortunately, it does not log anything when run as a daemon. Only when run
> > in debug ('-d' switch) do I see the output. I used logit() in other parts to
> > add logging and it works great.
> 
> The key exchange is conducted by the pre-auth privsep slave which is
> chrooted (usually /var/empty), so unless you have a /dev/log inside
> the chroot the messages won't make it to syslog.
> 
> djm has made some changes after the 5.8 releases that send log
> messages via the monitor, so this won't be necessary in future
> releases.
> 
> You can either tell your syslog to listen on /var/empty/dev/log too or
> use a snapshot (http://www.mindrot.org/openssh_snap/).

Also, the selected ciphers, MACs and compression choices are already logged
at level DEBUG so you shouldn't need to add logging yourself.

-d
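
An added example, not part of the original thread or of OpenSSH: a Python tally of the negotiated cipher, MAC and compression per connection, read from the DEBUG-level syslog lines mentioned above (sshd_config `LogLevel DEBUG`). The two `kex:` line layouts it accepts, the sample lines and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumed layouts of sshd's DEBUG "kex:" line (not taken from the thread):
#   older: kex: client->server aes128-ctr hmac-md5 none
#   newer: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
KEX_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: debug1: kex: (?P<dir>client->server|server->client) "
    r"(?:cipher: )?(?P<cipher>\S+) (?:MAC: )?(?P<mac>\S+) "
    r"(?:compression: )?(?P<comp>\S+)\s*$"
)

# Constructed sample syslog lines; hosts, PIDs and addresses are made up.
SAMPLE = """\
Jul  3 17:58:01 host sshd[4101]: debug1: kex: client->server aes128-ctr hmac-md5 none
Jul  3 17:58:01 host sshd[4101]: debug1: kex: server->client aes128-ctr hmac-md5 none
Jul  3 17:59:12 host sshd[4107]: debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha1 compression: zlib@openssh.com
Jul  3 17:59:12 host sshd[4107]: debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha1 compression: zlib@openssh.com
Jul  3 17:59:13 host sshd[4107]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2
Jul  3 18:01:40 host sshd[4110]: debug1: kex: client->server aes128-ctr hmac-md5 none
""".splitlines()


def negotiated(lines):
    """Return {pid: {direction: (cipher, mac, compression)}} for kex lines."""
    sessions = {}
    for line in lines:
        m = KEX_RE.search(line)
        if m:
            # Keyed by the PID as logged; PIDs can be reused over long logs.
            sessions.setdefault(int(m["pid"]), {})[m["dir"]] = (
                m["cipher"], m["mac"], m["comp"])
    return sessions


def tally(sessions, direction="client->server"):
    """Count how often each (cipher, mac, compression) triple was selected."""
    return Counter(s[direction] for s in sessions.values() if direction in s)


if __name__ == "__main__":
    for triple, count in tally(negotiated(SAMPLE)).most_common():
        print(count, *triple)
```

These lines record what was selected for each direction, not the full list the client offered.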


More information about the openssh-unix-dev mailing list