One of the important features of hostbased authentication is that it controls access from the specified client users. When such control is desired, it is truly beneficial to supplement it with corresponding information in the log. In other words, sshd log should get a message that says which client user from which hostname and IP address logins as which local user. In v5.8p2 such a message only comes from auth_rhosts2_raw() in auth-rhosts.c and the message is at syslog priority DEBUG2. Thus, it is not possible to get details about client user without running sshd with log level as high as DEBUG2. It would be highly desirable if this message or a similar message reporting client_user had priority INFO.
Damien, this might be doable with the recent auth_log changes?
Created attachment 2295 [details] Log key, client user and wire-specified client host for hostbased auth Yes, though we should log the key too. This patch extends the recent pubkey_auth_info() to allow logging of additional information besides the key, and uses it to log the hostbased client user and client host (as it appears in the userauth packet).
committed - this will be in openssh-6.3
closing resolved bugs as of 8.6p1 release