Bug 1571 - "subsystem request for sftp" log entry can't be correlated with a user
Summary: "subsystem request for sftp" log entry can't be correlated with a user
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: 5.2p1
Hardware: Other Linux
: P2 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_5_6
  Show dependency treegraph
 
Reported: 2009-03-11 02:17 AEDT by TenToThe9
Modified: 2011-01-24 12:33 AEDT (History)
1 user (show)

See Also:

Attachments
/home/djm/sshd-subsys-req-log-user.diff (601 bytes, patch)
2010-06-18 14:26 AEST, Damien Miller 		dtucker: ok+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description TenToThe9 2009-03-11 02:17:14 AEDT 
sshd logs the message "subsystem request for sftp" without giving any identifiable information.  Even the process ID (if present) is not used in other messages.

Please add at least a username to the log message.
Comment 1 Damien Miller 2009-11-20 15:37:01 AEDT 
We don't log the user in all log entries because they can be correlated by PID, which your syslogd should record.
Comment 2 TenToThe9 2010-01-26 02:13:28 AEDT 
That's just the problem: the pid in the "subsystem requested" line does not match the pid in the "Accepted ... for ..." line.  This might be because of privilege separation.
Comment 3 Damien Miller 2010-06-18 14:25:11 AEST 
The privsep child pid is logged at loglevel=verbose, but it isn't hard to add the username to the message. I'll make a diff.
Comment 4 Damien Miller 2010-06-18 14:26:57 AEST 
Created attachment 1872 [details]
/home/djm/sshd-subsys-req-log-user.diff

log username on subsystem request line
Comment 5 Damien Miller 2010-06-22 14:59:44 AEST 
patch applied - this will be in OpenSSH-5.6
Comment 6 Damien Miller 2011-01-24 12:33:30 AEDT 
Move resolved bugs to CLOSED after 5.7 release