OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
Damien Miller
djm at mindrot.org
Thu May 23 09:24:03 AEST 2024
On Wed, 22 May 2024, Opty wrote:
> On Wed, May 22, 2024 at 6:29 AM Damien Miller <djm at mindrot.org> wrote:
> > OpenSSH logs the disconnection regardless of whether the client sends
> > SSH_MSG_DISCONNECT or just drops the connection.
> >
> > A little more information may be logged from the disconnect packet
> > if it was sent, but there should always be a "Connection closed by ..."
> > message regardless.
>
> I should have shown examples from the system log.
>
> SSH-2.0-OpenSSH_9.3:
>
> 2024-05-19T15:48:06.591206+02:00 qeporkak sshd 15053 - - Accepted
> keyboard-interactive/pam for opty from 127.0.0.1 port 41006 ssh2
> 2024-05-19T15:48:06.601660+02:00 qeporkak elogind-daemon 1111 - - New
> session 2 of user opty.
> 2024-05-19T15:48:07.797821+02:00 qeporkak sshd 15058 - - Received
> disconnect from 127.0.0.1 port 41006:11: disconnected by user
> 2024-05-19T15:48:07.797967+02:00 qeporkak sshd 15058 - - Disconnected
> from user opty 127.0.0.1 port 41006
> 2024-05-19T15:48:07.802031+02:00 qeporkak elogind-daemon 1111 - -
> Removed session 2.
>
> SSH-2.0-PuTTY_Release_0.81:
>
> 2024-05-19T15:58:43.680548+02:00 qeporkak sshd 15171 - - Accepted
> keyboard-interactive/pam for opty from 127.0.0.1 port 39223 ssh2
> 2024-05-19T15:58:43.688472+02:00 qeporkak elogind-daemon 1111 - - New
> session 3 of user opty.
> 2024-05-19T15:58:45.000831+02:00 qeporkak elogind-daemon 1111 - -
> Removed session 3.
>
> Neither 'Received disconnect' nor 'Disconnected' with PuTTY.
Could you run sshd in debug mode and capture a full trace?
Thanks,
Damien Miller
More information about the openssh-unix-dev
mailing list