When a successful pubkey authentication took place, two "Accepted publickey" entries occur in syslog. This happens on all systems having DISABLE_FD_PASSING set, or for root logins, if privilege separation is enabled. The cause is apparently that monitor as well as slave write a syslog entry. One of these entries should be suppressed.
This occurs for all Key based Authentication methods. I noted it for gssapi in hpux. Wht wud be the cause if we just make it to log once, something like only for uid zero. In auth.c + if(getuid() == 0) authlog("%s %s for %s%.100s from %.200s port %d%s", Did it hurt anywhere? Also the failure messages like Failed none for user from foo* port *22 ssh2 occurs twice in debug mode.
Adding a uid==0 test is too simple. It doesn't work for Cygwin where uid 0 has no meaning at all. Probably there should be a flag set if privsep_postauth() is skipped for whatever reason and tested before printing from the monitor process.
>It doesn't work for Cygwin where uid 0 has no meaning at all. Fine. Its not a thumb rule. But hoping tht the process ( with uid !=0 ) shld not do this logging.
Is this still the case? (try a current snapshot from http://www.mindrot.org/openssh_snap) Darren fixed some bugs in this area back in May
This was already fixed for 4.3p2, but I tested current openssh from CVS and it's not an issue anymore. I'll set the state of this issue to resolved. Thanks, Corinna
Change all RESOLVED bug to CLOSED with the exception of the ones fixed post-4.4.