Corinna Vinschen
2005-Apr-07 11:22 UTC
Multiple log entries for successful pubkey authentication
Hi, I'm wondering if that's planned or just occuring accidentally. With OpenSSH 4.0 and the upcoming 4.1, I'm getting two entries in syslog when a pubkey authentication logon was successful: Apr 7 13:19:10 cathi sshd : PID 66116 : Accepted publickey for corinna from 192.168.129.6 port 40207 ssh2 Apr 7 13:19:10 cathi sshd : PID 67060 : Accepted publickey for corinna from 192.168.129.6 port 40207 ssh2 I found that this only happens when privilege separation is used. If I switch privilege separation off, I'm getting only one entry in the syslog. Bug? Feature? Corinna -- Corinna Vinschen Cygwin Project Co-Leader Red Hat, Inc.
Darren Tucker
2005-Apr-07 11:49 UTC
Multiple log entries for successful pubkey authentication
Corinna Vinschen wrote:> With OpenSSH 4.0 and the upcoming 4.1, I'm getting two entries in syslog > when a pubkey authentication logon was successful: > > Apr 7 13:19:10 cathi sshd : PID 66116 : Accepted publickey for corinna from 192.168.129.6 port 40207 ssh2 > Apr 7 13:19:10 cathi sshd : PID 67060 : Accepted publickey for corinna from 192.168.129.6 port 40207 ssh2 > > I found that this only happens when privilege separation is used. If I > switch privilege separation off, I'm getting only one entry in the syslog.I think that's because the auth_log is called twice: once in the monitor and once in the slave. If that's the case you should find one log entry was done as the user logging in and the other as the privileged user running sshd.> Bug? Feature?Not sure :-) -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Damien Miller
2005-Apr-07 11:58 UTC
Multiple log entries for successful pubkey authentication
Corinna Vinschen wrote:> Hi, > > I'm wondering if that's planned or just occuring accidentally. > > With OpenSSH 4.0 and the upcoming 4.1, I'm getting two entries in syslog > when a pubkey authentication logon was successful: > > Apr 7 13:19:10 cathi sshd : PID 66116 : Accepted publickey for corinna from 192.168.129.6 port 40207 ssh2 > Apr 7 13:19:10 cathi sshd : PID 67060 : Accepted publickey for corinna from 192.168.129.6 port 40207 ssh2I think that this is a bug - could you file one on bugzilla? -d
Thomas Baden
2005-Apr-08 17:59 UTC
Multiple log entries for successful pubkey authentication
Oops, I almost forgot... The double-logging I'm seeing is through the -e option to log to stderr. I see the double logs for all logins (root logins being disabled on my host). I don't know if that helps or not, but there it is. Cheers, -Thomas __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com