On Nov 5, 2007 1:50 PM, Chris Rapier <rapier at psc.edu>
wrote:> I'm trying to collect some additional user information from the server
> using the 'logit' function. For example, I'm trying to get the
cipher,
> mac, and compression status from kex.c in kex_chose_conf() with
> logit("SSH: %s;Ltype: Kex;Enc: %s;MAC: %s:Comp:
%s",
> ctos ? "Server" : "Client",
> newkeys->enc.name,
> newkeys->mac.name,
> newkeys->comp.name);
>
> right after the similar debug statement. When I'm running the server in
> debug mode this line works fine. However, when I use it in normal mode
> this information doesn't print out at all. I'm assuming this has
> something to do with privilege separation as it works when its disabled.
Right, your code is being run by the preauth privsep slave which is
chrooted and thus does not have access to the syslog socket.
> Is there, or can anyone think of, a way around this?
Make a /dev/log inside the privsep chroot and tell your syslogd to
listen on it in addition to the regular one (this is usually the -a
option to syslogd, but check your platform's doco).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.