Re: sshd(8), sshd_config(5), and the LogLevel directive

2018-03-05 Thread Lars Noodén 
On 2018-03-05, Stuart Henderson wrote:
> On 2018-03-05, Lars Noodén wrote:
>> I'm not able to get sshd(8) to use alternative loglevels, such as Debug3.
>>
>> When sshd(8) starts, it goes through the normal reporting regardless
>> of which LogLevel is set in sshd_config(5).  Here is  an excerpt from
>> /var/log/authlog showing the daemon starting and a first connection
>> from outside:
>
> The default for /var/log/authlog is auth.info. To get these through
> syslogd, you'll need something with .debug instead.

Ah ha.  I hadn't looked there.  Thanks for the patience.

$ grep -i authlog /etc/syslog.conf
auth.info   /var/log/authlog

> (btw, some of the higher-level debug for SSH is fairly sensitive, you might
> prefer to log it to memory buffers rather than disk

That explains the syslogd(8) auth.info default.

>  - set the -s flag to
> syslogd and then you can do things like "*.* :64:debug" and watch with
> "syslogc -f debug").

Neat.

It is clear now and I know what to do.  Thanks.

/Lars

Re: sshd(8), sshd_config(5), and the LogLevel directive

2018-03-05 Thread Stuart Henderson 
On 2018-03-05, Lars Noodén  wrote:
> I'm not able to get sshd(8) to use alternative loglevels, such as Debug3.
>
> When sshd(8) starts, it goes through the normal reporting regardless
> of which LogLevel is set in sshd_config(5).  Here is  an excerpt from
> /var/log/authlog showing the daemon starting and a first connection
> from outside:

The default for /var/log/authlog is auth.info. To get these through syslogd,
you'll need something with .debug instead.

(btw, some of the higher-level debug for SSH is fairly sensitive, you might
prefer to log it to memory buffers rather than disk - set the -s flag to
syslogd and then you can do things like "*.* :64:debug" and watch with
"syslogc -f debug").

sshd(8), sshd_config(5), and the LogLevel directive

2018-03-04 Thread Lars Noodén 
I'm not able to get sshd(8) to use alternative loglevels, such as Debug3.

When sshd(8) starts, it goes through the normal reporting regardless
of which LogLevel is set in sshd_config(5).  Here is  an excerpt from
/var/log/authlog showing the daemon starting and a first connection
from outside:

Mar  5 08:02:37 yeeloong sshd[13495]: Server listening on 0.0.0.0 port 22.
Mar  5 08:02:37 yeeloong sshd[13495]: Server listening on :: port 22.
Mar  5 08:11:55 yeeloong sshd[80107]: Connection from xx.yy.zz.aa port
60502 on xx.yy.zz.bb port 22 rdomain "0"

Yet the loglevel seems to be read correctly from the configuration file:

# /usr/sbin/sshd -T | grep -i loglevel
loglevel DEBUG3

Invoking sshd(8) with -d, -dd, -ddd produces increased logging though,
just not to the log file.

Is this worth a formal report?

/Lars

=

[ using 735440 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2018 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 6.3-beta (GENERIC) #337: Sat Mar  3 07:36:58 MST 2018
dera...@loongson.openbsd.org:/usr/src/sys/arch/loongson/compile/GENERIC
real mem = 1073741824 (1024MB)
avail mem = 1055784960 (1006MB)
mainbus0 at root: Lemote Yeeloong
cpu0 at mainbus0: STC Loongson2F CPU 797 MHz, STC Loongson2F FPU
cpu0: cache L1-I 64KB D 64KB 4 way, L2 512KB 4 way
bonito0 at mainbus0: memory and PCI-X controller, rev 1
pci0 at bonito0 bus 0
rl0 at pci0 dev 7 function 0 "Realtek 8139" rev 0x10: irq 5, address
00:23:8b:59:df:48
rlphy0 at rl0 phy 0: RTL internal PHY
smfb0 at pci0 dev 8 function 0 "Silicon Motion LynxEM+" rev 0xb0:
1024x600, 16bpp
wsdisplay0 at smfb0 mux 1: console (std, vt100 emulation)
glxpcib0 at pci0 dev 14 function 0 "AMD CS5536 ISA" rev 0x03: rev 3, 32-bit 3579
545Hz timer, watchdog, gpio, i2c
isa0 at glxpcib0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
mcclock0 at isa0 port 0x70/2: mc146818 or compatible
ykbec0 at isa0 port 0x381/3
gpio1 at glxpcib0: 32 pins
iic at glxpcib0 not configured
glxclk0 at glxpcib0: clock, prof
pciide0 at pci0 dev 14 function 2 "AMD CS5536 IDE" rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 1-sector PIO, LBA, 7641MB, 15649200 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
auglx0 at pci0 dev 14 function 3 "AMD CS5536 Audio" rev 0x01: isa irq
9, CS5536 AC97
ac97: codec id 0x414c4760 (Avance Logic ALC655 rev 0)
audio0 at auglx0
ohci0 at pci0 dev 14 function 4 "AMD CS5536 USB" rev 0x02: isa irq 11,
version 1.0, legacy support
ehci0 at pci0 dev 14 function 5 "AMD CS5536 USB" rev 0x02: isa irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "AMD EHCI root hub" rev
2.00/1.00 addr 1
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 configuration 1 interface 0 "AMD OHCI root hub" rev
1.00/1.00 addr 1
apm0 at mainbus0
umass0 at uhub0 port 1 configuration 1 interface 0 "Generic
USB2.0-CRW" rev 2.00/58.87 addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0:  SCSI0
0/direct removable serial.0bda015811417340
urtw0 at uhub0 port 4 configuration 1 interface 0 "Realtek RTL8187B"
rev 2.00/2.00 addr 3
urtw0: RTL8187B rev E, address 00:17:c4:4d:ed:56
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
pmon bootpath: /dev/disk/wd0
boot device: wd0
root on wd0a (7797d94bb0fceead.a) swap on wd0b dump on wd0b