Bug#599240: openssh-server: error messages not logged unless PrivilegeSeparation off
Marc Lehmann <schmorp@schmorp.de> writes:
> What luck that I found out how to reproduce it a while later: remove the
> /etc/shadow entry for the user, and you get connection closed but no log
> messages whatsoever.
I think that's just because pam_unix doesn't log anything in this case.
I've run into that before.
> strace shows that sshd tried to open /dev/log, but gets ENOENT, which
> makes sense in the context.
I'm pretty sure this is a red herring, since the account portion of the
pam_krb5 module (which is where this is checked in pam_unix) is able to
log to syslog even with PrivilegeSeparation turned on.
Oct 6 19:43:32 windlord sshd[19307]: pam_krb5(sshd:auth): user eagle authenticated as rra@stanford.edu
Oct 6 19:43:32 windlord sshd[19307]: pam_krb5(sshd:account): pam_sm_acct_mgmt: entry (0x0)
Oct 6 19:43:32 windlord sshd[19307]: pam_krb5(sshd:account): (user eagle) retrieving principal from cache
Oct 6 19:43:32 windlord sshd[19307]: pam_krb5(sshd:account): pam_sm_acct_mgmt: exit (success)
Oct 6 19:43:32 windlord sshd[19307]: Accepted password for eagle from 171.67.225.134 port 45240 ssh2
Oct 6 19:43:32 windlord sshd[19307]: pam_unix(sshd:session): session opened for user eagle by (uid=0)
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
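
The condition described in the quoted report (an account present in /etc/passwd with no /etc/shadow entry, which closes the connection without a log line) can be audited for directly. This is an added example, not part of the original message: the function names and sample data are constructed, and it assumes a passwd password field of `x` marks a hash stored in shadow.

```python
def parse_colon_db(text):
    """Map login name -> field list for passwd(5)/shadow(5)-style text."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # Keep the first entry for a name, matching lookup order in the file.
        entries.setdefault(fields[0], fields)
    return entries


def audit(passwd_text, shadow_text):
    """Return (missing_shadow, orphan_shadow) as sorted lists of login names.

    missing_shadow: passwd says the hash is in shadow ('x') but no shadow line exists.
    orphan_shadow:  shadow line exists for a name that passwd does not define.
    """
    passwd = parse_colon_db(passwd_text)
    shadow = parse_colon_db(shadow_text)
    missing = sorted(
        name for name, f in passwd.items()
        if len(f) >= 2 and f[1] == "x" and name not in shadow
    )
    orphans = sorted(name for name in shadow if name not in passwd)
    return missing, orphans


# Constructed sample data (not taken from any real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
nologin:*:1002:1002::/nonexistent:/usr/sbin/nologin
"""
SAMPLE_SHADOW = """\
root:!:14888:0:99999:7:::
alice:$6$constructed$hash:14888:0:99999:7:::
olduser:!:14000:0:99999:7:::
"""

if __name__ == "__main__":
    missing, orphans = audit(SAMPLE_PASSWD, SAMPLE_SHADOW)
    print("passwd entries with no shadow line:", missing)
    print("shadow lines with no passwd entry:", orphans)
```

To run it against a live system, pass the contents of /etc/passwd and /etc/shadow to `audit()`; reading /etc/shadow requires root.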