Bug#599240: openssh-server: error message snot logged unless PrivilegeSeparation off
On Tue, Oct 05, 2010 at 07:40:26PM -0700, Russ Allbery <rra@debian.org> wrote:
> > this is somewhat serious as no message whatsoever gets logged for
> > semi-successfull log-ins.
>
> Er, that's strange. What PAM modules are you seeing this with? I always
whatever comes with debian as default.
> use sshd with PrivilegeSeparation enabled, and so far as I can remember my
> PAM modules have never had any trouble logging output to syslog, including
> full debug output for every step in the process. Maybe something new
> changed, but I would have thought I'd notice.
What luck that I found out how to reproduce it a while later: remove the
/etc/shadow entry for the user, and you get connection closed but no log
messages whatsoever. strace shows that sshd tried to open /dev/log, but
gets ENOENT, which makes sense in the context.
--
The choice of a Deliantra, the free code+content MORPG
-----==- _GNU_ http://www.deliantra.net
----==-- _ generation
---==---(_)__ __ ____ __ Marc Lehmann
--==---/ / _ \/ // /\ \/ / schmorp@schmorp.de
-=====/_/_//_/\_,_/ /_/\_\
Reply to: