Red Hat Bugzilla – Full Text Bug Listing
|Summary:||sshd logs 3 messages to /var/log/secure for every login|
|Product:||[Fedora] Fedora||Reporter:||Jordan Russell <jr-redhatbugs2>|
|Component:||openssh||Assignee:||Tomas Mraz <tmraz>|
|Status:||CLOSED UPSTREAM||QA Contact:||Brian Brock <bbrock>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2006-04-18 08:55:56 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Jordan Russell 2006-04-17 13:34:46 EDT
Description of problem: sshd logs 3 messages to /var/log/secure for every successful (publickey) login. Version-Release number of selected component (if applicable): openssh-4.3p2-4 How reproducible: $ sshd root@somehost [root@somehost ~]# tail /var/log/secure Actual results: Three log messages. Note that the first and third are in the wrong time zone (GMT); the time on the second one is correct. Apr 17 16:57:20 somehost sshd: Postponed publickey for root from 188.8.131.52 port 51395 ssh2 Apr 17 11:57:20 somehost sshd: Accepted publickey for root from 184.108.40.206 port 51395 ssh2 Apr 17 16:57:20 somehost sshd: Accepted publickey for root from 220.127.116.11 port 51395 ssh2 Expected results: Just one log message, as in FC4 and prior versions: Apr 17 11:57:20 somehost sshd: Accepted publickey for root from 18.104.22.168 port 51395 ssh2
Comment 1 Tomas Mraz 2006-04-18 08:55:56 EDT
The duplicate 'Accepted publickey' message will be hopefully resolved after upgrade to a new upstream version as soon as it is released. The 'Postponed publickey' message should be in logs so this is not a bug. The wrong timezone problem is hard to solve because teh sshd process is running in chroot where the /etc/localtime file is not accessible and simply copying it into the chroot wouldn't be correct either as it would get out of sync whenever the original one is changed.
Comment 2 Stuart 2006-05-08 07:20:25 EDT
Given the impact of timestamp problem (logs with inconsistent times are of questionable use, and that there still isn't an upstream release which addresses this), it is a reasonable short-term workaround to copy /etc/localtime to /var/empty/sshd/etc/localtime.