Re: deprecated options in openssh
On Fri, Sep 10, 2021 at 06:10:59PM +0100, Adam Weremczuk wrote:
> On 10/09/2021 17:46, Greg Wooledge wrote:
>
> > Depends on which syslog daemon implementation you're using, I think.
>
> My environment: Linux deb10 5.4.44-1-pve #1 SMP PVE 5.4.44-1 (Fri, 12 Jun
> 2020 08:18:46 +0200) x86_64 GNU/Linux
>
> Pretty minimalistic set up.
>
> Rsyslog 8.1901.0-1 out of the box, no customisation at all.
It's not a buster kernel, but that's OK.
That is buster's version of rsyslog, so that checks out.
The top page of /etc/rsyslog.conf has (by default) commented-out lines
like:
# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")
# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")
If these are still commented out on your system, then this mystery just
got a lot more mysterious.
Um...
Is your /var/log directory being shared with any other hosts, in any
way? NFS, Samba, sshfs, who knows what else. I'm wondering *WHICH HOST*
is writing these syslog entries to your file.
Hmm...
A piece of your original email says:
Aug 28 10:12:30 deb10 sshd[145]: /etc/ssh/sshd_config line 25: Deprecated option UsePrivilegeSeparation
So, it *claims* that it's being written by the host "deb10". (You're
not reusing this hostname on any other instances, are you?)
I wonder if it's tcpdump time yet. Try to capture the syslog traffic
from the network, and see where it's coming from?
Reply to: