openssh bugs - Feb 2005 - [Bug 977] duplicate log entries when using "sshd -D -e"

http://bugzilla.mindrot.org/show_bug.cgi?id=977

           Summary: duplicate log entries when using "sshd -D -e"
           Product: Portable OpenSSH
           Version: 3.8p1
          Platform: ix86
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: daryl.tester at iocane.com.au


Hi,

When running (Open-)sshd under daemontools, it's recommended to run sshd
with
the options "-D -e" (no daemon, log to stderr).  Logging to stderr
however seems
to cause the "Accepted" log entry to be recorded twice e.g. -

Accepted publickey for root from ::ffff:202.6.156.98 port 48878 ssh2
Accepted publickey for root from ::ffff:202.6.156.98 port 48878 ssh2

(note same source port).  The same log entry to syslog is only printed once.
I can replicate this on a variety of OpenSSH versions - 3.6.1p2 and 3.8p1 under
Linux FC2 and 3.5p1 under FreeBSD 4.10.  3.1p1 on a Linux Redhat 7.2
doesn't,
however (woo? :-).  LogLevel in sshd_config is commented out, so should be
default (INFO?).

I poked around in log.c:do_log() (3.8p1), and discovered through judicious
printf'ing that the second entry occurs in the child process, not the
parent,
although I can't see why this would prevent syslog from printing the second
entry.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=977





------- Additional Comments From dtucker at zip.com.au  2005-02-01 21:30 -------
The is because of privilege separation: when it's on the auth loop runs in
both
privileged and unprivileged processes (add a geteuid() to your printf to see).

It doesn't occur in normal operation because the unpriviliged child is
chrooted
to /var/empty and has no /dev/log to speak to.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=977





------- Additional Comments From dtucker at zip.com.au  2005-02-01 21:40 -------
Created an attachment (id=797)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=797&action=view)
reduce log messages from privsep slave to debug only

If it bugs you try this patch (against -current but should apply to most recent
versions).



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=977


daryl.tester at iocane.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




------- Additional Comments From daryl.tester at iocane.com.au  2005-02-01 22:02
-------
Doesn' worry me, it worries my log summary script (and the customer who
viewed the results :-).

Patch works a treat against 3.8p1 - thanks for the quick response.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.