Bug 2599 - Overly verbose partial authentication
Summary: Overly verbose partial authentication
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: 7.2p1
Hardware: Other Linux
: P5 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_7_3
  Show dependency treegraph
 
Reported: 2016-07-20 07:27 AEST by cgallek
Modified: 2016-08-02 10:42 AEST (History)
1 user (show)

See Also:

Attachments
quiet-log.patch (533 bytes, patch)
2016-07-20 07:27 AEST, cgallek 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description cgallek 2016-07-20 07:27:53 AEST 
Created attachment 2856 [details]
quiet-log.patch

When connecting to a server which requires multiple authentication methods (eg AuthenticationMethods publickey,password publickey,keyboard-interactive) the following message is displayed after the first authentication succeeds:
"Authenticated with partial success."

This message is a bit too verbose especially in the context of other tools (git, rsync, etc) which use ssh as the underlying protocol.

The attached patch moves this message from the INFO log level to VERBOSE.
Comment 1 Darren Tucker 2016-07-20 10:54:51 AEST 
These things are going to stderr, right?  Which tools are parsing ssh's stderr and for what purpose?
Comment 2 cgallek 2016-07-20 12:23:04 AEST 
They do indeed go to stderr.  Sorry, I didn't mean to imply something was parsing them.  But things like `rsync --quiet ...` and `git fetch --quiet ...` are no longer quiet in this configuration.  This is particularly annoying in cron invocations that send stderr in an email.
Comment 3 Darren Tucker 2016-07-20 14:50:07 AEST 
(In reply to cgallek from comment #2)
> They do indeed go to stderr.  Sorry, I didn't mean to imply
> something was parsing them.  But things like `rsync --quiet ...` and
> `git fetch --quiet ...` are no longer quiet in this configuration. 
> This is particularly annoying in cron invocations that send stderr
> in an email.

Any reason you can't set the tool in question to invoke "ssh -q" or put "LogLevel quiet" or "LogLevel error" in the ssh_config or ~/.ssh/config for the relevant Host?
Comment 4 cgallek 2016-07-20 23:53:02 AEST 
Those are certainly valid work-arounds to the issues I'm having, but I would argue that this message is not useful even in the interactive path with the default logging level.  It's not an error and it doesn't solicit user interaction.  All of the other uses of the INFO level in this file fall into one of those categories.  It's certainly useful for development and debugging, but not to the end user.  It may even be worth arguing that this message should be part of one of the DEBUG levels.  The following examples from sshconnect2.c seem like valid precedent:

line 399:
debug("Authentication succeeded (%s).", authctxt.method->name);

line 556:
debug("Authentications that can continue: %s", authlist);

line 1888:
debug("Next authentication method: %s", name);
Comment 5 Darren Tucker 2016-07-22 15:48:20 AEST 
That's a reasonable point :-)

Patch applied and will be in the 7.3 release.  Thanks.
Comment 6 Damien Miller 2016-08-02 10:42:47 AEST 
Close all resolved bugs after 7.3p1 release