Logging the suggested algorithms of the client during key exchange
Darren Tucker
dtucker at zip.com.au
Sun Jul 3 09:17:49 EST 2011
On Sat, Jul 2, 2011 at 4:45 PM, <ssh at bunten.de> wrote:
> for a research project I am trying to log the algorithms suggested by the
> client during key exchange.
[...]
> Unfortunately, it does not log anything when run as a daemon. Only when run
> in debug ('-d' switch) I see the output. I used logit() in other parts to
> add logging and it works great.

The key exchange is conducted by the pre-auth privsep slave which is
chrooted (usually /var/empty), so unless you have a /dev/log inside
the chroot the messages won't make it to syslog.

djm has made some changes after the 5.8 releases that send log
messages via the monitor, so this won't be necessary in future
releases.

You can either tell your syslog to listen on /var/empty/dev/log too or
use a snapshot (http://www.mindrot.org/openssh_snap/).

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
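
A quick way to check the condition described in the reply above, added here as an example and not part of the original message or of OpenSSH: it reports whether a chrooted process would find a usable syslog socket at /dev/log. The function name `chroot_log_socket_status` is hypothetical, and /var/empty is the chroot directory the message names as the usual one.

```python
import errno
import os
import socket
import stat
import sys


def chroot_log_socket_status(chroot_dir, rel_path="dev/log"):
    """Classify the syslog socket a chrooted process would see at /dev/log.

    Returns "missing", "not-a-socket", "no-listener" or "ok".
    """
    path = os.path.join(chroot_dir, rel_path)
    try:
        # lstat, not stat: a symlink pointing outside the chroot would not
        # resolve for the chrooted process, so it must not count as a socket.
        mode = os.lstat(path).st_mode
    except (FileNotFoundError, NotADirectoryError):
        return "missing"
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    # Syslog daemons bind the log socket as datagram or stream; try both.
    for sock_type in (socket.SOCK_DGRAM, socket.SOCK_STREAM):
        with socket.socket(socket.AF_UNIX, sock_type) as s:
            try:
                s.connect(path)
                return "ok"
            except OSError as e:
                # ECONNREFUSED: stale socket file, nothing bound to it.
                # EPROTOTYPE: bound with the other socket type, try the next.
                if e.errno not in (errno.ECONNREFUSED, errno.EPROTOTYPE):
                    raise
    return "no-listener"


if __name__ == "__main__":
    # Default to the chroot directory named in the message.
    chroot = sys.argv[1] if len(sys.argv) > 1 else "/var/empty"
    status = chroot_log_socket_status(chroot)
    print(f"{chroot}/dev/log: {status}")
    sys.exit(0 if status == "ok" else 1)
```

A result of "no-listener" means the socket file exists but the syslog daemon is not bound to it, which fails the same way as a missing socket.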