What I am aiming for is a way to be able to set up ssh(1) logging entirely from within ssh_config(5) without needing additional runtime options.
Currently SyslogFacility in ssh_config(5) only sets the facility code but does not actually change the logging to use syslog(3) and so setting SyslogFacility is only useful in conjuction with the -y option. If setting SyslogFacility implies -y for ssh(1) then the whole thing can be set from ssh_config(5), keeping all the adjustments in one place. The following illustrates what I am trying to describe. /Lars Index: src/usr.bin/ssh/ssh.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh.c,v retrieving revision 1.464 diff -u -p -u -r1.464 ssh.c --- src/usr.bin/ssh/ssh.c 21 Sep 2017 19:16:53 -0000 1.464 +++ src/usr.bin/ssh/ssh.c 25 Sep 2017 16:11:29 -0000 @@ -958,6 +958,8 @@ main(int ac, char **av) * Initialize "log" output. Since we are the client all output * goes to stderr unless otherwise specified by -y or -E. */ + if (options.log_facility != SYSLOG_FACILITY_NOT_SET) + use_syslog = 1; if (use_syslog && logfile != NULL) fatal("Can't specify both -y and -E"); if (logfile != NULL) Index: src/usr.bin/ssh/ssh_config.5 =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v retrieving revision 1.256 diff -u -p -u -r1.256 ssh_config.5 --- src/usr.bin/ssh/ssh_config.5 21 Sep 2017 19:16:53 -0000 1.256 +++ src/usr.bin/ssh/ssh_config.5 25 Sep 2017 16:16:02 -0000 @@ -1489,6 +1489,9 @@ known hosts will be verified automatical .It Cm SyslogFacility Gives the facility code that is used when logging messages from .Xr ssh 1 . +Begins logging using the +.Xr syslog 3 +system module. The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is USER.