openssh bugs - Apr 2005 - [Bug 1011] Multiple log entries for successful pubkey authentication

http://bugzilla.mindrot.org/show_bug.cgi?id=1011

           Summary: Multiple log entries for successful pubkey
                    authentication
           Product: Portable OpenSSH
           Version: 4.0p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: vinschen at redhat.com


When a successful pubkey authentication took place,
two "Accepted publickey" entries occur in syslog.

This happens on all systems having DISABLE_FD_PASSING set,
or for root logins, if privilege separation is enabled.

The cause is apparently that monitor as well as slave
write a syslog entry.

One of these entries should be suppressed.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1011





------- Additional Comments From senthilkumar_sen at hotpop.com  2005-04-08
00:54 -------
This occurs for all Key based Authentication methods. I noted it for gssapi in 
hpux. Wht wud be the cause if we just make it to log once, something like only 
for uid zero.

In auth.c
+   if(getuid() == 0)
        authlog("%s %s for %s%.100s from %.200s port %d%s",

Did it hurt anywhere?

Also the failure messages like
Failed none for user from foo* port *22 ssh2

occurs twice in debug mode.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1011


senthilkumar_sen at hotpop.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |senthilkumar_sen at hotpop.com






------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1011





------- Additional Comments From vinschen at redhat.com  2005-04-08 00:59
-------
Adding a uid==0 test is too simple.  It doesn't work for Cygwin
where uid 0 has no meaning at all.  Probably there should be a
flag set if privsep_postauth() is skipped for whatever reason
and tested before printing from the monitor process.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1011





------- Additional Comments From senthilkumar_sen at hotpop.com  2005-04-08
01:28 -------
>It doesn't work for Cygwin where uid 0 has no meaning at all.
Fine. Its not a thumb rule. But hoping tht the process ( with uid !=0 ) shld not
do this logging. 








------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.