ssh at bunten.de
2011-Jul-02 06:45 UTC
Logging the suggested algorithms of the client during key exchange
Hello,

for a research project I am trying to log the algorithms suggested by the client during key exchange.

I am using the source of version 5.8p2. I figured the function kex_buf2prop() in kex.c might be the place to log that information. I am calling logit() within the for loop ->

    for (i = 0; i < PROPOSAL_MAX; i++) {
        proposal[i] = buffer_get_cstring(&b, NULL);
        debug2("kex_parse_kexinit: %s", proposal[i]);

        if (first_kex_follows != NULL) {
            logit("[client prop] kex %i: '%s' from %s",
                i, proposal[i], get_remote_ipaddr());
        }
    }

Unfortunately, it does not log anything when run as a daemon. Only when run in debug ('-d' switch) I see the output. I used logit() in other parts to add logging and it works great.

My question: What am I doing wrong and how can I log the proposed algorithms properly?

(Please note: I am interested in the suggestions from the client and not the ciphers client and server finally use!)

Any helpful suggestion appreciated!

Regards
Andreas
Darren Tucker
2011-Jul-02 23:17 UTC
Logging the suggested algorithms of the client during key exchange
On Sat, Jul 2, 2011 at 4:45 PM, <ssh at bunten.de> wrote:
> for a research project I am trying to log the algorithms suggested by the
> client during key exchange.
[...]
> Unfortunately, it does not log anything when run as a daemon. Only when run
> in debug ('-d' switch) I see the output. I used logit() in other parts to
> add logging and it works great.

The key exchange is conducted by the pre-auth privsep slave which is chrooted (usually /var/empty), so unless you have a /dev/log inside the chroot the messages won't make it to syslog. djm has made some changes after the 5.8 releases that send log messages via the monitor, so this won't be necessary in future releases.

You can either tell your syslog to listen on /var/empty/dev/log too or use a snapshot (http://www.mindrot.org/openssh_snap/).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
rapier
2011-Jul-06 15:54 UTC
Logging the suggested algorithms of the client during key exchange
I created something like this to do some basic server side logging with
http://www.psc.edu/networking/projects/hpn-ssh/openssh5.8-server-logging.diff

It doesn't do the proposal though. However, as Darren said you have to monitor a log in the chroot jail. From the direction to my patch...

"This patch adds additional logging to the SSHD server including encryption used, remote address and port, user name, remote version information, total bytes transferred, and average throughput. In order to use this patch you *must* direct syslogd to use an additional logging socket. This socket will be located in the sshd chroot, typically /var/empty. As such you will need to create a /var/empty/dev directory and add '-a /var/empty/dev/log' to your syslogd configuration."

Good luck!

On 7/2/11 2:45 AM, ssh at bunten.de wrote:
> Hello,
>
> for a research project I am trying to log the algorithms suggested by
> the client during key exchange.
>
> I am using the source of version 5.8p2. I figured the function
> kex_buf2prop() in kex.c might be the place to log that information. I am
> calling logit() within the for loop ->
>
>     for (i = 0; i < PROPOSAL_MAX; i++) {
>         proposal[i] = buffer_get_cstring(&b, NULL);
>         debug2("kex_parse_kexinit: %s", proposal[i]);
>
>         if (first_kex_follows != NULL) {
>             logit("[client prop] kex %i: '%s' from %s",
>                 i, proposal[i], get_remote_ipaddr());
>         }
>     }
>
> Unfortunately, it does not log anything when run as a daemon. Only when
> run in debug ('-d' switch) I see the output. I used logit() in other
> parts to add logging and it works great.
>
> My question: What am I doing wrong and how can I log the proposed
> algorithms properly?
>
> (Please note: I am interested in the suggestions from the client and not
> the ciphers client and server finally use!)
>
> Any helpful suggestion appreciated!
>
> Regards
> Andreas
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
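The mechanism Darren describes (syslog(3) resolves /dev/log relative to the chrooted child's root) and rapier's fix (`syslogd -a /var/empty/dev/log`) can be checked without root privileges. This is an added example, not code from the thread or from OpenSSH: `syslog_socket_reachable()` tests whether a datagram listener answers at `<root>/dev/log`, and `demo_chroot_log()` runs it against a constructed temporary directory that stands in for /var/empty, before and after binding a socket there the way the extra syslogd socket would.

```c
#define _DEFAULT_SOURCE                     /* mkdtemp(3) on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
/* AF_UNIX address <root>/dev/log: 0 on success, -1 if it does not fit. */
static int log_addr(struct sockaddr_un *sa, const char *root)
{
    memset(sa, 0, sizeof(*sa));
    sa->sun_family = AF_UNIX;
    return snprintf(sa->sun_path, sizeof(sa->sun_path), "%s/dev/log", root)
           < (int)sizeof(sa->sun_path) ? 0 : -1;
}
/* 1 if a datagram listener answers at <root>/dev/log, which is what syslog(3)
 * needs once the process root is <root>; otherwise connect() fails (ENOENT or
 * ECONNREFUSED) and the log message is silently dropped. */
int syslog_socket_reachable(const char *root)
{
    struct sockaddr_un sa;
    int fd, ok;
    if (log_addr(&sa, root) < 0 || (fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
        return 0;
    ok = connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0;
    close(fd);
    return ok;
}
/* Constructed demo: a temp dir plays /var/empty, and a bound datagram socket at
 * <root>/dev/log stands in for `syslogd -a`. 1 iff unreachable before, reachable after. */
int demo_chroot_log(void)
{
    char root[] = "/tmp/kexlog.XXXXXX", path[64];
    struct sockaddr_un sa;
    int before, after, fd;
    if (mkdtemp(root) == NULL || log_addr(&sa, root) < 0)
        return -1;
    before = syslog_socket_reachable(root);              /* expect 0 */
    snprintf(path, sizeof(path), "%s/dev", root);
    mkdir(path, 0755);
    fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0)
        return -1;
    after = syslog_socket_reachable(root);               /* expect 1 */
    close(fd);
    unlink(sa.sun_path);
    rmdir(path); rmdir(root);
    return before == 0 && after == 1;
}
```

On a real host, `syslog_socket_reachable("/var/empty")` returning 0 while sshd is running means logit() calls from the pre-auth child are being lost for exactly this reason.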