On Fri, Sep 10, 2021 at 10:33:47AM +0100, Adam Weremczuk wrote: > Weeks later it happened again and I'm not any less puzzled:
What's "it"? > /var/log/syslog > > Aug 28 10:12:30 deb10 sshd[145]: /etc/ssh/sshd_config line 25: Deprecated > option UsePrivilegeSeparation Fine, just comment out the offending lines.... > Not matching what's in the file: > > awk 'NR==25' /etc/ssh/sshd_config > > awk 'NR==28' /etc/ssh/sshd_config > > awk 'NR==29' /etc/ssh/sshd_config > # Lifetime and size of ephemeral version 1 server key OK, so "it" is in fact "The warnings in syslog contain line numbers which do not align with the line numbers of the file that I see"? Seems harmless enough -- just comment out the offending options wherever they are, ignoring the line numbers in the warnings. > The service hasn't been restarted around that time and the file hasn't been > modified for even longer: > > systemctl status ssh.service | grep running > Active: active (running) since Wed 2021-08-18 17:36:45 UTC; 3 weeks 1 > days ago All right, now we're getting somewhere. Is it possible that these lines are being remotely syslogged to you from another host? It's unfortunate that you omitted most of the systemctl output. It would have been nice to see whether PID 145 is actually sshd on this host. You could also check by hand, of course: ps -fp 145 and ps -ef | grep sshd You might also want to double-check "journalctl -u ssh" against the contents of the syslog file. As far as I know, the systemd journal cannot accept input from a foreign host, so it should always show info that comes from services running on localhost.
