LogLevel debug2 handshake logging only on some logins, not on every login of a user

Hildegard Meier daku8938 at gmx.de
Tue May 10 02:16:54 AEST 2022


Running Ubuntu 18.04.1 LTS with package openssh-server 7.6p1-4ubuntu0.5

In /etc/ssh/sshd_config is set LogLevel DEBUG2.

I get the debug2 log message of the client MACs offering part of handshake:

May  3 18:51:05 10.10.10.10 sshd[14300]: debug2: MACs ctos: hmac-sha1,hmac-sha1-96,hmac-md5 [preauth]

and afterwards in the same second the login log entry for user "abc" login from IP 1.2.3.4 with the same sshd PID, so I guess this login message belongs to the first debug2 log entry:

May  3 18:51:05 10.10.10.10 sshd[14300]: Accepted password for abc from 1.2.3.4 port 51294 ssh2

But I get the according (same PID, roughly same second) debug2 handshake log entry not for every Accepted password log entry, only for a small fraction of logins.

E.g. I observe a user logging in 2525 times on a day, but I can see the according debug2: MACs ctos: log entry (same PID, roughly same time) only for 155 of those logins.

This happens across all user logins, so it is not user specific.

Is this a bug or a feature? Is there some handshake info cache, so a full handshake is not done (or logged) on every login? How can I achieve that for every login the debug2 handshake log entry is made?

Hildegard
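
Added example, not part of the original post: one way to run the correlation described above (same sshd PID, roughly the same time) over a syslog file and count which "Accepted" lines have a matching "debug2: MACs ctos:" line. The log year, the 120-second window and the last two sample lines are assumptions; the window is there because PIDs are reused over a day, so a PID match alone can pair a login with an unrelated earlier handshake.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the first two lines are the ones quoted in the post,
# the last two are made up (a login with no debug2 line, and a reused PID).
SAMPLE_LOG = """\
May  3 18:51:05 10.10.10.10 sshd[14300]: debug2: MACs ctos: hmac-sha1,hmac-sha1-96,hmac-md5 [preauth]
May  3 18:51:05 10.10.10.10 sshd[14300]: Accepted password for abc from 1.2.3.4 port 51294 ssh2
May  3 18:52:10 10.10.10.10 sshd[14311]: Accepted password for abc from 1.2.3.4 port 51300 ssh2
May  3 23:40:00 10.10.10.10 sshd[14300]: Accepted password for abc from 1.2.3.4 port 51999 ssh2
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+sshd\[(\d+)\]:\s+(.*)$")
ACCEPT_RE = re.compile(r"^Accepted (\S+) for (\S+) from (\S+) port (\d+)")
MACS_PREFIX = "debug2: MACs ctos:"


def correlate(text, year=2022, window=timedelta(seconds=120)):
    """Pair each 'Accepted' line with a recent MACs line from the same sshd PID."""
    last_macs = {}  # pid -> (timestamp, MAC list) of the latest handshake line
    logins = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed (parameter `year`).
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        if msg.startswith(MACS_PREFIX):
            macs = msg[len(MACS_PREFIX):].replace("[preauth]", "").strip()
            last_macs[pid] = (ts, macs)
            continue
        a = ACCEPT_RE.match(msg)
        if a:
            seen = last_macs.get(pid)
            # A handshake line only counts if it is recent: PIDs get reused.
            ok = seen is not None and timedelta(0) <= ts - seen[0] <= window
            logins.append({"time": ts, "pid": pid, "user": a.group(2),
                           "source": a.group(3), "handshake_logged": ok,
                           "macs": seen[1] if ok else None})
    return logins


def coverage(logins):
    """Return (logins with a handshake line, total logins)."""
    return sum(1 for x in logins if x["handshake_logged"]), len(logins)


if __name__ == "__main__":
    print("handshake lines for %d of %d logins" % coverage(correlate(SAMPLE_LOG)))
```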

