Opty
2024-May-30 16:02 UTC
OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
On Thu, May 30, 2024 at 3:03?AM Damien Miller <djm at mindrot.org> wrote:> On Wed, 29 May 2024, Opty wrote: > > On Mon, May 27, 2024 at 4:18?AM Damien Miller <djm at mindrot.org> wrote: > > > Yeah, you're adding a new thing that will be logged. IMO you should > > > try to figure out why the "Connection closed" message that is present > > > in the debug log you sent is not making to to your syslog. > > > > If I change LogLevel in /etc/ssh/sshd_config from default INFO to > > VERBOSE then I see 'Connection closed' message but also others which I > > don't want. > > > > I also tried 'LogVerbose packet.c:sshpkt_vfatal():*' and even > > 'LogVerbose *:sshpkt_vfatal():*' (both with 'LogLevel INFO') but none > > worked. > > What version OpenSSH are you using? Are you building from source or are > you using a vendor/distribution packaging? It's possible that someone > else has modified the log level, but in the version we ship these are > all at loglevel INFO9.3p2, 64-bit Slackware 15.0 package which uses two patches but they look LogLevel-safe to me, you can check at http://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/source/openssh/ Regards, Opty
Opty
2024-May-31 20:04 UTC
OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
On Thu, May 30, 2024 at 6:02?PM Opty <opty77 at gmail.com> wrote:> On Thu, May 30, 2024 at 3:03?AM Damien Miller <djm at mindrot.org> wrote: > > On Wed, 29 May 2024, Opty wrote: > > > On Mon, May 27, 2024 at 4:18?AM Damien Miller <djm at mindrot.org> wrote: > > > > Yeah, you're adding a new thing that will be logged. IMO you should > > > > try to figure out why the "Connection closed" message that is present > > > > in the debug log you sent is not making to to your syslog. > > > > > > If I change LogLevel in /etc/ssh/sshd_config from default INFO to > > > VERBOSE then I see 'Connection closed' message but also others which I > > > don't want. > > > > > > I also tried 'LogVerbose packet.c:sshpkt_vfatal():*' and even > > > 'LogVerbose *:sshpkt_vfatal():*' (both with 'LogLevel INFO') but none > > > worked. > > > > What version OpenSSH are you using? Are you building from source or are > > you using a vendor/distribution packaging? It's possible that someone > > else has modified the log level, but in the version we ship these are > > all at loglevel INFO > > 9.3p2, 64-bit Slackware 15.0 package which uses two patches but they > look LogLevel-safe to me, you can check at > http://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/source/openssh/9.7p1 built from source without TCP wrappers and still no 'Connection closed' at 'LogLevel INFO'. Regards, Opty
Reasonably Related Threads
- OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
- OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
- OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
- OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
- OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT