Created attachment 474681
patch to increase logging of userauth-request from DEBUG to VERBOSE

Description of problem:
If someone with a valid user name attempts to connect to an ssh server but fails for some reason, nothing is normally logged. This makes diagnostics confusing. If one ups the LogLevel to DEBUG, a *lot* of stuff is logged -- way too much for normal use, and as the config file warns, so much that user privacy could be violated. The most useful line is "userauth-request", which takes the form of

userauth-request for user mattdm service ssh-connection method publickey

or

userauth-request for user mattdm service ssh-connection method password

Version-Release number of selected component (if applicable):
All up to and including at least 5.6p1

How reproducible:
Always

Steps to Reproduce:
1. Set LogLevel to the normal INFO level, or to VERBOSE
2. Try to connect to an ssh server but fail

Actual results:
Nothing logged.

Expected results:
Something logged.

Additional info:
The attached patch ups the log level for this to a reasonable "VERBOSE". This doesn't change the default behavior (INFO is the default), but gives the sysadmin the option of investigating problems without using the big sledgehammer of DEBUG (which may log information which later needs to be cleaned from the logs -- quite a hassle even if possible in a given environment).

--- openssh-5.6p1/auth2.c-verbose-requests 2011-01-21 15:07:36.000000000 -0500 +++ openssh-5.6p1/auth2.c 2011-01-21 15:08:09.000000000 -0500 @@ -229,7 +229,7 @@ user = packet_get_string(NULL); service = packet_get_string(NULL); method = packet_get_string(NULL); - debug("userauth-request for user %s service %s method %s", user, service, method); + verbose("userauth-request for user %s service %s method %s", user, service, method); debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); #ifdef WITH_SELINUX
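
Review bot: the changed call sits directly after the three packet_get_string() reads, so at VERBOSE it fires for every userauth request as it is parsed, before the outcome is known, while the neighbouring debug("attempt %d failures %d", ...) stays at DEBUG. The log will show that a request for a given user and method arrived but not whether it failed, which is the case the report wants to diagnose; consider also logging the result at VERBOSE, or emitting this line where the method's outcome is available. Note too that user, service and method come straight from the client's packet before authentication, so this promotes client-chosen strings to a level admins are more likely to run in production; worth confirming that is acceptable given the privacy concern the report raises about DEBUG.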
This is only partial results, I prefer to leave it as is.