Bug 671550 - userauth-requests should be logged at a higher level than debug
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: openssh
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Jan F. Chadima
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-01-21 20:24 UTC by Matthew Miller
Modified: 2011-03-08 10:05 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-03-08 10:05:19 UTC
Type: ---
Embargoed:


Attachments
patch to increase logging of userauth-request from DEBUG to VERBOSE (537 bytes, patch)
2011-01-21 20:24 UTC, Matthew Miller

Description Matthew Miller 2011-01-21 20:24:02 UTC
Created attachment 474681
patch to increase logging of userauth-request from DEBUG to VERBOSE

Description of problem:

If someone with a valid user name attempts to connect to an ssh server but fails for some reason, nothing is normally logged. This makes diagnostics confusing. If one ups the LogLevel to DEBUG, a *lot* of stuff is logged -- way too much for normal use, and as the config file warns, so much that user privacy could be violated.

The most useful line is "userauth-request", which takes the form of 

  userauth-request for user mattdm service ssh-connection method publickey

or

  userauth-request for user mattdm service ssh-connection method password

Version-Release number of selected component (if applicable):

  All up to and including at least 5.6p1

How reproducible:

  Always

Steps to Reproduce:
1. Set LogLevel to the normal INFO level, or to VERBOSE
2. Try to connect to an ssh server but fail
  
Actual results:

 Nothing logged.

Expected results:

 Something logged.


Additional info:

The attached patch ups the log level for this to a reasonable "VERBOSE". This doesn't change the default behavior (INFO is the default), but gives the sysadmin the option of investigating problems without using the big sledgehammer of DEBUG (which may log information which later needs to be cleaned from the logs -- quite a hassle even if possible in a given environment).

--- openssh-5.6p1/auth2.c-verbose-requests	2011-01-21 15:07:36.000000000 -0500
+++ openssh-5.6p1/auth2.c	2011-01-21 15:08:09.000000000 -0500
@@ -229,7 +229,7 @@
 	user = packet_get_string(NULL);
 	service = packet_get_string(NULL);
 	method = packet_get_string(NULL);
-	debug("userauth-request for user %s service %s method %s", user, service, method);
+	verbose("userauth-request for user %s service %s method %s", user, service, method);
 	debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
 
 #ifdef WITH_SELINUX
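
Review bot: in the changed `verbose(...)` line, `user`, `service` and `method` come straight from the request packet via the `packet_get_string(NULL)` calls above and are written with `%s`, so at VERBOSE the log now records whatever the client sent, including a mistyped name or a password entered at the username prompt. I would document that in the LogLevel description so administrators know what VERBOSE captures. The line is also written when the request arrives, and the neighbouring `debug("attempt %d failures %d", ...)` stays at debug, so it does not show whether the attempt failed; consider logging the outcome of the method at the same level, instead of or alongside the request.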

Comment 1 Jan F. Chadima 2011-03-08 10:05:19 UTC
This is only partial results; I prefer to leave it as is.

