[Bug 2503] The sshd log files are insufficient to detect sessions

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Dec 11 13:54:25 AEDT 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2503

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org,
                   |                            |dtucker at zip.com.au
   Attachment #2765|                            |ok?(dtucker at zip.com.au)
              Flags|                            |

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 2765
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2765&action=edit
include port number in more places

Loglevel=verbose already gives you most of the information you want:

Dec 11 13:26:53 fuyu sshd[14096]: Connection from 203.217.30.82 port
36726 on 203.217.30.81 port 22
Dec 11 13:26:54 fuyu sshd[14096]: Postponed publickey for djm from
203.217.30.82 port 36726 ssh2 [preauth]
Dec 11 13:26:58 fuyu sshd[14096]: Accepted publickey for djm from
203.217.30.82 port 36726 ssh2: ECDSA
SHA256:LmoNaxGFFurT6S2Q67RFuuxIq4is0rVLLdkt6Qgvy66E
Dec 11 13:26:58 fuyu sshd[14096]: User child is on pid 17347
Dec 11 13:26:58 fuyu sshd[17347]: Starting session: shell on ttyp2 for
djm from 203.217.30.82 port 36726
Dec 11 13:27:13 fuyu sshd[17347]: Received disconnect from
203.217.30.82: 11: disconnected by user
Dec 11 13:27:13 fuyu sshd[17347]: Disconnected from 203.217.30.82

That being said, we could include the port in disconnect messages.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list