From owner-freebsd-security  Fri Dec 21 10:10:47 2001
Delivered-To: freebsd-security@freebsd.org
Received: from giganda.komkon.org (giganda.komkon.org [63.167.241.66])
	by hub.freebsd.org (Postfix) with ESMTP id 94BF437B405
	for <security@freebsd.org>; Fri, 21 Dec 2001 10:10:40 -0800 (PST)
Received: (from str@localhost)
	by giganda.komkon.org (8.11.3/8.11.3) id fBLIAXu71521
	for security@freebsd.org; Fri, 21 Dec 2001 13:10:33 -0500 (EST)
	(envelope-from str)
Date: Fri, 21 Dec 2001 13:10:33 -0500 (EST)
From: Igor Roshchin <str@giganda.komkon.org>
Message-Id: <200112211810.fBLIAXu71521@giganda.komkon.org>
To: security@freebsd.org
Subject: sshd logging
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


Hello!


I am somewhat confused about sshd writing messages to the syslog.
On 3.x systems with the sshd installed from ports
(e.g. sshd version 1.2.27 [i386--freebsd3.5.1] ),
I have much more verbose logging, then on 4.x systems with the
"core" openssh (e.g. sshd version OpenSSH_2.3.0 ).

As an example, here is the excerpts from logs on the same type of 
event for 3.x and 4.x systems:

3.x and sshd 1.2.27:

Dec 21 11:05:36 <auth.info> host3.x sshd[7623]: connect from 210.97.143.20
Dec 21 11:05:36 <auth.info> host3.x sshd[7623]: log: Connection from 210.97.143.20 port 1257
Dec 21 11:05:36 <auth.info> host3.x sshd[7623]: log: Could not reverse map address 210.97.143.20.
Dec 21 11:05:36 <auth.info> host3.x sshd[7624]: connect from 210.97.143.20
Dec 21 11:05:36 <auth.info> host3.x sshd[7624]: log: Connection from 210.97.143.20 port 1253
Dec 21 11:05:36 <auth.info> astra sshd[7624]: log: Could not reverse map address 210.97.143.20.
Dec 21 11:05:36 <auth.err> astra sshd[7623]: fatal: Local: Your ssh version is too old and is no longer supported.  Please install a newer version.
Dec 21 11:05:36 <auth.err> astra sshd[7624]: fatal: Local: Your ssh version is too old and is no longer supported.  Please install a newer version.


4.x and  OpenSSH_2.3.0:

Dec 21 11:05:26 <auth.info> host4.x sshd[67562]: Disconnecting: Your ssh version is too old and is no longer supported.  Please install a newer version.
Dec 21 11:05:39 <auth.info> host4.x sshd[67565]: Disconnecting: Your ssh version is too old and is no longer supported.  Please install a newer version.


I see that the priority of the messages changed between the versions.
However, even enabling "auth.*" logging does not show the "connect from .."
messages.
In both cases sshd is run as a standalone daemon.

Any ideas/sugggestions as for how to enable this logging in OpenSSH ?
(Am I just overlooking something obvious ?)

Thanks,

Igor

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message