Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Bugs
[Bug 1011] Multiple log entries for successful pubkey authentication
bugzilla-daemon at mindrot
Apr 7, 2005, 5:19 AM
Post #1 of 5 (186 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=1011

Summary: Multiple log entries for successful pubkey
authentication
Product: Portable OpenSSH
Version: 4.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs@mindrot.org
ReportedBy: vinschen@redhat.com


When a successful pubkey authentication took place,
two "Accepted publickey" entries occur in syslog.

This happens on all systems having DISABLE_FD_PASSING set,
or for root logins, if privilege separation is enabled.

The cause is apparently that monitor as well as slave
write a syslog entry.

One of these entries should be suppressed.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 1011] Multiple log entries for successful pubkey authentication [ In reply to ]
bugzilla-daemon at mindrot
Apr 7, 2005, 6:54 AM
Post #2 of 5 (189 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=1011





------- Additional Comments From senthilkumar_sen@hotpop.com 2005-04-08 00:54 -------
This occurs for all Key based Authentication methods. I noted it for gssapi in
hpux. Wht wud be the cause if we just make it to log once, something like only
for uid zero.

In auth.c
+ if(getuid() == 0)
authlog("%s %s for %s%.100s from %.200s port %d%s",

Did it hurt anywhere?

Also the failure messages like
Failed none for user from foo* port *22 ssh2

occurs twice in debug mode.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 1011] Multiple log entries for successful pubkey authentication [ In reply to ]
bugzilla-daemon at mindrot
Apr 7, 2005, 6:55 AM
Post #3 of 5 (184 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=1011


senthilkumar_sen@hotpop.com changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |senthilkumar_sen@hotpop.com






------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 1011] Multiple log entries for successful pubkey authentication [ In reply to ]
bugzilla-daemon at mindrot
Apr 7, 2005, 6:59 AM
Post #4 of 5 (189 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=1011





------- Additional Comments From vinschen@redhat.com 2005-04-08 00:59 -------
Adding a uid==0 test is too simple. It doesn't work for Cygwin
where uid 0 has no meaning at all. Probably there should be a
flag set if privsep_postauth() is skipped for whatever reason
and tested before printing from the monitor process.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 1011] Multiple log entries for successful pubkey authentication [ In reply to ]
bugzilla-daemon at mindrot
Apr 7, 2005, 7:28 AM
Post #5 of 5 (186 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=1011





------- Additional Comments From senthilkumar_sen@hotpop.com 2005-04-08 01:28 -------
>It doesn't work for Cygwin where uid 0 has no meaning at all.
Fine. Its not a thumb rule. But hoping tht the process ( with uid !=0 ) shld not
do this logging.








------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal