
Re: deprecated options in openssh



On Fri, Sep 10, 2021 at 06:10:59PM +0100, Adam Weremczuk wrote:
> On 10/09/2021 17:46, Greg Wooledge wrote:
> 
> > Depends on which syslog daemon implementation you're using, I think.
> 
> My environment: Linux deb10 5.4.44-1-pve #1 SMP PVE 5.4.44-1 (Fri, 12 Jun
> 2020 08:18:46 +0200) x86_64 GNU/Linux
> 
> Pretty minimalistic set up.
> 
> Rsyslog 8.1901.0-1 out of the box, no customisation at all.

It's not a buster kernel, but that's OK.

That is buster's version of rsyslog, so that checks out.

The top page of /etc/rsyslog.conf has (by default) commented-out lines
like:

# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")

# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")

If these are still commented out on your system, then this mystery just
got a lot more mysterious.

Um...

Is your /var/log directory being shared with any other hosts, in any
way?  NFS, Samba, sshfs, who knows what else.  I'm wondering *WHICH HOST*
is writing these syslog entries to your file.

Hmm...

A piece of your original email says:

Aug 28 10:12:30 deb10 sshd[145]: /etc/ssh/sshd_config line 25: Deprecated option UsePrivilegeSeparation

So, it *claims* that it's being written by the host "deb10".  (You're
not reusing this hostname on any other instances, are you?)

I wonder if it's tcpdump time yet.  Try to capture the syslog traffic
from the network, and see where it's coming from?
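
The /etc/rsyslog.conf check described in the message, as an added shell example that is not part of the original e-mail: it lists uncommented network inputs in the given rsyslog files, covering the module()/input() form quoted above and the legacy $ModLoad, $UDPServerRun and $InputTCPServerRun directives. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report active (uncommented) network syslog inputs in
# rsyslog configuration files.

rsyslog_net_inputs() {
    # Args: one or more config files.
    # Prints "file:line: text" for each active network input found.
    # Returns 0 if at least one is active, 1 if none are.
    awk '
        /^[ \t]*#/ { next }                      # commented-out line: ignore
        /module\(load="im(udp|tcp)"/ ||
        /input\(type="im(udp|tcp)"/ ||
        /^[ \t]*\$ModLoad[ \t]+im(udp|tcp)/ ||
        /^[ \t]*\$(UDPServerRun|InputTCPServerRun)/ {
            printf "%s:%d: %s\n", FILENAME, FNR, $0
            found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$@"
}

# Constructed sample: the stock commented-out lines plus two enabled
# legacy directives, as a drop-in file might contain.
write_sample() {
    cat > "$1" <<'EOF'
# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")
$ModLoad imtcp
$InputTCPServerRun 514
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
rsyslog_net_inputs "$tmp" || echo "no network syslog inputs enabled"
rm -f "$tmp"
```

On a real host, pass /etc/rsyslog.conf and the files under /etc/rsyslog.d/ instead of the sample; an empty result means rsyslog itself is not accepting remote messages.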

