Re: deprecated options in openssh
On Fri, Sep 10, 2021 at 10:33:47AM +0100, Adam Weremczuk wrote:
> Weeks later it happened again and I'm not any less puzzled:
What's "it"?
> /var/log/syslog
>
> Aug 28 10:12:30 deb10 sshd[145]: /etc/ssh/sshd_config line 25: Deprecated
> option UsePrivilegeSeparation
Fine, just comment out the offending lines....
> Not matching what's in the file:
>
> awk 'NR==25' /etc/ssh/sshd_config
>
> awk 'NR==28' /etc/ssh/sshd_config
>
> awk 'NR==29' /etc/ssh/sshd_config
> # Lifetime and size of ephemeral version 1 server key
OK, so "it" is in fact "The warnings in syslog contain line numbers which
do not align with the line numbers of the file that I see"?
Seems harmless enough -- just comment out the offending options wherever
they are, ignoring the line numbers in the warnings.
> The service hasn't been restarted around that time and the file hasn't been
> modified for even longer:
>
> systemctl status ssh.service | grep running
> Active: active (running) since Wed 2021-08-18 17:36:45 UTC; 3 weeks 1
> days ago
All right, now we're getting somewhere.
Is it possible that these lines are being remotely syslogged to you from
another host?
It's unfortunate that you omitted most of the systemctl output. It would
have been nice to see whether PID 145 is actually sshd on this host. You
could also check by hand, of course: ps -fp 145 and ps -ef | grep sshd
You might also want to double-check "journalctl -u ssh" against the
contents of the syslog file. As far as I know, the systemd journal
cannot accept input from a foreign host, so it should always show
info that comes from services running on localhost.
Reply to: