sshd(8) used to change the verbosity level when logging messages by
following the LogLevel directive from sshd_config(5). Currently only
"normal" logging happens in the system log when using the LogLevel
directive. The expected result is that the verbosity would change
according to the value set in LogLevel either in the configuration
file or with the -o option at runtime, as it used to.
This happens for me on several architectures and over several
snapshots. At the bottom is the dmesg for one with a recent snapshot.
For example, with the following increase to DEBUG3 in the stock
/etc/ssh/sshd_config provided by base, the extended test mode
acknowledges the loglevel change:
$ doas /usr/sbin/sshd -T | grep -E 'loglevel|syslogfacility'
loglevel DEBUG3
syslogfacility AUTH
$ doas /usr/sbin/sshd -T -C user=foo,host=172.31.18.9,addr=172.31.18.45 \
| grep -E 'loglevel|syslogsfacility'
loglevel DEBUG3
syslogfacility AUTH
However, there is still only normal logging in /var/log/authlog:
. . .
Oct 18 11:51:33 bbb sshd[27291]: Server listening on 0.0.0.0 port 22.
Oct 18 11:51:33 bbb sshd[27291]: Server listening on :: port 22.
Oct 18 11:51:37 bbb sshd[95965]: Connection from 172.31.18.45 port
47238 on 172.31.18.9 port 22
Oct 18 11:51:38 bbb sshd[95965]: Postponed publickey for foo from
172.31.18.45 port 47238 ssh2 [preauth]
Oct 18 11:51:43 bbb sshd[95965]: Accepted publickey for foo from
172.31.18.45 port 47238 ssh2: ED25519
SHA256:8KPPJLHoCCzzLHj6ORDUjeXe9i6XAXSKt2nniQM1bo2
Oct 18 11:51:43 bbb sshd[95965]: User child is on pid 35347
Oct 18 11:51:43 bbb sshd[35347]: Starting session: command for foo
from 172.31.18.45 port 47238 id 0
Oct 18 11:51:43 bbb sshd[35347]: Received disconnect from 172.31.18.45
port 47238:11: disconnected by user
Oct 18 11:51:43 bbb sshd[35347]: Disconnected from user foo
172.31.18.45 port 47238
. . .
=====
The following runtime change produces an initial amount of debug
information to stderr but drops back to reporting to the system log.
$ doas /usr/sbin/sshd -o LogLevel=DEBUG3
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 174
debug2: parse_server_config: config /etc/ssh/sshd_config len 174
debug3: /etc/ssh/sshd_config:40 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:88 setting Subsystem sftp /usr/libexec/sftp-server
debug1: sshd version OpenSSH_7.6, LibreSSL 2.6.3
debug1: private host key #0: ssh-rsa
SHA256:ivJsxTfDOvedxS4HyM8WJSIjyC1Nk54W03DfAJNmz0s
debug1: private host key #1: ssh-dss
SHA256:ByDlP7T5KTgiybgLJABrzEDHu4Hg4Z/bts7ImzPbUKc
debug1: private host key #2: ecdsa-sha2-nistp256
SHA256:Wy4DEQdIvToReBXwk5X6x3VEkmLsOSU1W0WZMTTOTfk
debug1: private host key #3: ssh-ed25519
SHA256:+tXyEa0zLfwOpDUkuqBG4WEARfHheQOW+8WkGXgpYRk
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-o'
debug1: rexec_argv[2]='LogLevel=DEBUG3'
That's as much as sshd(8) shows to stderr.
There in the system log, no extra verbosity is used. It is as in the
first example.
=====
Specifying the debug mode at runtime with -d produces increased
verbosity but to stderr.
$ doas /usr/sbin/sshd -d
$ doas /usr/sbin/sshd -d -d
$ doas /usr/sbin/sshd -d -d -d
So this part works as expected.
/Lars
=====
OpenBSD 6.2-current (GENERIC) #102: Tue Oct 17 13:49:49 MDT 2017
[email protected]:/usr/src/sys/arch/armv7/compile/GENERIC
real mem = 536870912 (512MB)
avail mem = 517287936 (493MB)
mainbus0 at root: TI AM335x BeagleBone Black
cpu0 at mainbus0: ARM Cortex-A8 r3p2 (ARMv7)
cpu0: DC enabled IC enabled WB disabled EABT branch prediction enabled
cpu0: 32KB(64b/l,4way) I-cache, 32KB(64b/l,4way) wr-back D-cache
omap0 at mainbus0
prcm0 at omap0 rev 0.2
dmtimer0 at omap0 rev 3.1
dmtimer1 at omap0 rev 3.1
simplebus0 at mainbus0: "ocp"
simplebus1 at simplebus0: "l4_wkup"
simplebus2 at simplebus1: "scm"
ompinmux0 at simplebus2
simplebus3 at simplebus2: "scm_conf"
intc0 at simplebus0 rev 5.0
omgpio0 at simplebus0: rev 0.1
gpio0 at omgpio0: 32 pins
omgpio1 at simplebus0: rev 0.1
gpio1 at omgpio1: 32 pins
omgpio2 at simplebus0: rev 0.1
gpio2 at omgpio2: 32 pins
omgpio3 at simplebus0: rev 0.1
gpio3 at omgpio3: 32 pins
com0 at simplebus0: ti16750, 64 byte fifo
com0: console
tiiic0 at simplebus0 rev 0.11
iic0 at tiiic0
"ti,tps65217" at iic0 addr 0x24 not configured
"atmel,24c256" at iic0 addr 0x50 not configured
nxphdmi0 at iic0 addr 0x70: rev 0x0301
nxphdmi0: no display detected
tiiic1 at simplebus0 rev 0.11
iic1 at tiiic1
"atmel,24c256" at iic1 addr 0x54 not configured
"atmel,24c256" at iic1 addr 0x55 not configured
"atmel,24c256" at iic1 addr 0x56 not configured
"atmel,24c256" at iic1 addr 0x57 not configured
ommmc0 at simplebus0
sdmmc0 at ommmc0: 4-bit, sd high-speed, mmc high-speed
ommmc1 at simplebus0
sdmmc1 at ommmc1: 1-bit
omdog0 at simplebus0 rev 0.1
cpsw0 at simplebus0: version 1.12 (0), address 88:4a:ea:ca:70:17
ukphy0 at cpsw0 phy 0: Generic IEEE 802.3u media interface, rev. 1:
OUI 0x0001f0, model 0x000f
amdisplay0 at simplebus0
amdisplay0: no display attached.
scsibus0 at sdmmc0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0: <SD/MMC, SL32G, 0080> SCSI2 0/direct removable
sd0: 30436MB, 512 bytes/sector, 62333952 sectors
scsibus1 at sdmmc1: 2 targets, initiator 0
sd1 at scsibus1 targ 1 lun 0: <Kingston, S10004, 0000> SCSI2 0/direct removable
sd1: 3648MB, 512 bytes/sector, 7471104 sectors
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
boot device: sd0
root on sd1a (5443aa6240409e7a.a) swap on sd1b dump on sd1b
WARNING: CHECK AND RESET THE DATE!
