Opty
2024-May-22 17:29 UTC
OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
On Wed, May 22, 2024 at 6:29?AM Damien Miller <djm at mindrot.org> wrote:> OpenSSH logs the disconnection regardless of whether the client sends > SSH_MSG_DISCONNECT or just drops the connection. > > A little more information may be logged from the disconnect packet > if it was sent, but there should always be a "Connection closed by ..." > message regardless.I should have shown examples from the system log. SSH-2.0-OpenSSH_9.3: 2024-05-19T15:48:06.591206+02:00 qeporkak sshd 15053 - - Accepted keyboard-interactive/pam for opty from 127.0.0.1 port 41006 ssh2 2024-05-19T15:48:06.601660+02:00 qeporkak elogind-daemon 1111 - - New session 2 of user opty. 2024-05-19T15:48:07.797821+02:00 qeporkak sshd 15058 - - Received disconnect from 127.0.0.1 port 41006:11: disconnected by user 2024-05-19T15:48:07.797967+02:00 qeporkak sshd 15058 - - Disconnected from user opty 127.0.0.1 port 41006 2024-05-19T15:48:07.802031+02:00 qeporkak elogind-daemon 1111 - - Removed session 2. SSH-2.0-PuTTY_Release_0.81: 2024-05-19T15:58:43.680548+02:00 qeporkak sshd 15171 - - Accepted keyboard-interactive/pam for opty from 127.0.0.1 port 39223 ssh2 2024-05-19T15:58:43.688472+02:00 qeporkak elogind-daemon 1111 - - New session 3 of user opty. 2024-05-19T15:58:45.000831+02:00 qeporkak elogind-daemon 1111 - - Removed session 3. Neither 'Received disconnect' nor 'Disconnected' with PuTTY. Regards, Opty
Damien Miller
2024-May-22 23:24 UTC
OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
On Wed, 22 May 2024, Opty wrote:> On Wed, May 22, 2024 at 6:29?AM Damien Miller <djm at mindrot.org> wrote: > > OpenSSH logs the disconnection regardless of whether the client sends > > SSH_MSG_DISCONNECT or just drops the connection. > > > > A little more information may be logged from the disconnect packet > > if it was sent, but there should always be a "Connection closed by ..." > > message regardless. > > I should have shown examples from the system log. > > SSH-2.0-OpenSSH_9.3: > > 2024-05-19T15:48:06.591206+02:00 qeporkak sshd 15053 - - Accepted > keyboard-interactive/pam for opty from 127.0.0.1 port 41006 ssh2 > 2024-05-19T15:48:06.601660+02:00 qeporkak elogind-daemon 1111 - - New > session 2 of user opty. > 2024-05-19T15:48:07.797821+02:00 qeporkak sshd 15058 - - Received > disconnect from 127.0.0.1 port 41006:11: disconnected by user > 2024-05-19T15:48:07.797967+02:00 qeporkak sshd 15058 - - Disconnected > from user opty 127.0.0.1 port 41006 > 2024-05-19T15:48:07.802031+02:00 qeporkak elogind-daemon 1111 - - > Removed session 2. > > SSH-2.0-PuTTY_Release_0.81: > > 2024-05-19T15:58:43.680548+02:00 qeporkak sshd 15171 - - Accepted > keyboard-interactive/pam for opty from 127.0.0.1 port 39223 ssh2 > 2024-05-19T15:58:43.688472+02:00 qeporkak elogind-daemon 1111 - - New > session 3 of user opty. > 2024-05-19T15:58:45.000831+02:00 qeporkak elogind-daemon 1111 - - > Removed session 3. > > Neither 'Received disconnect' nor 'Disconnected' with PuTTY.Could you run sshd in debug mode and capture a full trace? Thanks, Damien Miller