Opty
2024-May-31 20:04 UTC
OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
On Thu, May 30, 2024 at 6:02?PM Opty <opty77 at gmail.com> wrote:> On Thu, May 30, 2024 at 3:03?AM Damien Miller <djm at mindrot.org> wrote: > > On Wed, 29 May 2024, Opty wrote: > > > On Mon, May 27, 2024 at 4:18?AM Damien Miller <djm at mindrot.org> wrote: > > > > Yeah, you're adding a new thing that will be logged. IMO you should > > > > try to figure out why the "Connection closed" message that is present > > > > in the debug log you sent is not making to to your syslog. > > > > > > If I change LogLevel in /etc/ssh/sshd_config from default INFO to > > > VERBOSE then I see 'Connection closed' message but also others which I > > > don't want. > > > > > > I also tried 'LogVerbose packet.c:sshpkt_vfatal():*' and even > > > 'LogVerbose *:sshpkt_vfatal():*' (both with 'LogLevel INFO') but none > > > worked. > > > > What version OpenSSH are you using? Are you building from source or are > > you using a vendor/distribution packaging? It's possible that someone > > else has modified the log level, but in the version we ship these are > > all at loglevel INFO > > 9.3p2, 64-bit Slackware 15.0 package which uses two patches but they > look LogLevel-safe to me, you can check at > http://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/source/openssh/9.7p1 built from source without TCP wrappers and still no 'Connection closed' at 'LogLevel INFO'. Regards, Opty
Damien Miller
2024-Jun-01 03:23 UTC
OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
On Fri, 31 May 2024, Opty wrote:> > 9.3p2, 64-bit Slackware 15.0 package which uses two patches but they > > look LogLevel-safe to me, you can check at > > http://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/source/openssh/ > > 9.7p1 built from source without TCP wrappers and still no 'Connection > closed' at 'LogLevel INFO'.You might be hitting this exit path: diff --git a/serverloop.c b/serverloop.c index 4eabfced6..bf45f77a2 100644 --- a/serverloop.c +++ b/serverloop.c @@ -266,11 +266,11 @@ process_input(struct ssh *ssh, int connection_in) if (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK) return 0; if (errno == EPIPE) { - verbose("Connection closed by %.100s port %d", + logit("Connection closed by %.100s port %d", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); return -1; } - verbose("Read error from remote host %s port %d: %s", + logit("Read error from remote host %s port %d: %s", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), strerror(errno)); cleanup_exit(255);
Possibly Parallel Threads
- OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
- OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
- OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
- OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
- OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT