Bug 671550

Summary: userauth-requests should be logged at a higher level than debug
Product: [Fedora] Fedora
Component: openssh
Version: rawhide
Status: CLOSED NOTABUG
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Reporter: Matthew Miller <mattdm>
Assignee: Jan F. Chadima <jchadima>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: jchadima, mgrepl, tmraz
Keywords: Patch
Doc Type: Bug Fix
Last Closed: 2011-03-08 05:05:19 EST
Attachments: patch to increase logging of userauth-request from DEBUG to VERBOSE (Flags: none)

Description Matthew Miller 2011-01-21 15:24:02 EST
Created attachment 474681
patch to increase logging of userauth-request from DEBUG to VERBOSE

Description of problem:

If someone with a valid user name attempts to connect to an ssh server but fails for some reason, nothing is normally logged. This makes diagnostics confusing. If one ups the LogLevel to DEBUG, a *lot* of stuff is logged -- way too much for normal use, and as the config file warns, so much that user privacy could be violated.

The most useful line is "userauth-request", which takes the form of 

  userauth-request for user mattdm service ssh-connection method publickey

or

  userauth-request for user mattdm service ssh-connection method password

Version-Release number of selected component (if applicable):

  All up to and including at least 5.6p1

How reproducible:

  Always

Steps to Reproduce:
1. Set LogLevel to the normal INFO level, or to VERBOSE
2. Try to connect to an ssh server but fail
  
Actual results:

 Nothing logged.

Expected results:

 Something logged.


Additional info:

The attached patch ups the log level for this to a reasonable "VERBOSE". This doesn't change the default behavior (INFO is the default), but gives the sysadmin the option of investigating problems without using the big sledgehammer of DEBUG (which may log information which later needs to be cleaned from the logs -- quite a hassle even if possible in a given environment).

--- openssh-5.6p1/auth2.c-verbose-requests	2011-01-21 15:07:36.000000000 -0500
+++ openssh-5.6p1/auth2.c	2011-01-21 15:08:09.000000000 -0500
@@ -229,7 +229,7 @@
 	user = packet_get_string(NULL);
 	service = packet_get_string(NULL);
 	method = packet_get_string(NULL);
-	debug("userauth-request for user %s service %s method %s", user, service, method);
+	verbose("userauth-request for user %s service %s method %s", user, service, method);
 	debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
 
 #ifdef WITH_SELINUX
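
Review bot: On the `verbose(...)` line, `user`, `service` and `method` are read straight from the packet by the three `packet_get_string(NULL)` calls just above, so at VERBOSE the log now records whatever user string the client sent, before the hunk shows any check of that user or any result of the attempt. The patch description should state that VERBOSE will then contain client-supplied user names, since the privacy concern the report raises about DEBUG applies to this field as well. The neighbouring `debug("attempt %d failures %d", ...)` line stays at DEBUG, so the promoted message shows that a request arrived but not how it ended; either promote an outcome message alongside it or say in the description that this is intended.
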
Comment 1 Jan F. Chadima 2011-03-08 05:05:19 EST
This is only partial results; I prefer to leave it as is.
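
An added example (not part of the bug report and not OpenSSH code) of how the userauth-request lines quoted in the description can be used for diagnosis once they reach the log: it groups them per sshd process and lists the methods each client offered. The syslog prefix, the sample lines and the function names are assumptions made for this illustration.

```python
import re

# Message text is the format string from the auth2.c line in the patch. The
# "sshd[PID]: " prefix is an assumption about the host's syslog layout.
REQ = re.compile(
    r"sshd\[(?P<pid>\d+)\]: userauth-request for user (?P<user>.*)"
    r" service (?P<service>\S+) method (?P<method>\S+)\s*$"
)

# Constructed sample log lines (not taken from a real system).
SAMPLE = """\
Jan 21 15:10:01 host sshd[4101]: userauth-request for user mattdm service ssh-connection method none
Jan 21 15:10:01 host sshd[4101]: userauth-request for user mattdm service ssh-connection method publickey
Jan 21 15:10:04 host sshd[4101]: userauth-request for user mattdm service ssh-connection method password
Jan 21 15:10:09 host sshd[4101]: userauth-request for user mattdm service ssh-connection method password
Jan 21 15:11:30 host sshd[4120]: userauth-request for user bad name service ssh-connection method none
Jan 21 15:11:31 host sshd[4120]: Connection closed by 192.0.2.7
""".splitlines()


def auth_attempts(lines):
    """Return {(pid, user): [methods offered, in order]} per sshd process."""
    sessions = {}
    for line in lines:
        m = REQ.search(line)
        if m is None:
            continue  # not a userauth-request line
        # The user name is client-supplied and may contain spaces; the greedy
        # match anchored on the trailing " service X method Y" keeps it whole.
        methods = sessions.setdefault((m.group("pid"), m.group("user")), [])
        # "none" is the query a client sends to learn which methods the
        # server offers (RFC 4252); it carries no credential, so skip it.
        if m.group("method") != "none":
            methods.append(m.group("method"))
    return sessions


def report(sessions):
    """One line per connection; repr() keeps odd user strings visible."""
    return [
        "pid %s user %r: %s"
        % (pid, user, " -> ".join(methods) or "no credentials offered")
        for (pid, user), methods in sessions.items()
    ]


if __name__ == "__main__":
    print("\n".join(report(auth_attempts(SAMPLE))))
```

The lines only show what was requested, so a sequence such as publickey followed by repeated password requests indicates where a login stalled but not why the server refused it.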