sshd does not log connections that succeed the hosts_access() function. Failed connections are logged in tcp wrappers [via refuse()], but special care must be taken to log connections that succeed. It's not a show-stopper, since other, more detailed logging mechanisms exist, but it'd be a nice thing to have, since it shows that the allowed connection passed the wrappers. That, and tcpd and the commercial [at least verision 1.2.whatever] do it.
Created attachment 8 [details] Patch to fix this bug (gdiff -u)
shouln't the tcpwrapper do this? we should not call syslog at all
"should?" Maybe. "Does?" No. This is the way tcpd does it, too. The call to hosts_access() only determines whether or not a host should pass. refuse() [iirc, don't have the source handy] terminates sshd after calling syslog. There doesn't appear to be a corresponding accept() function. However, the fact that we have to call syslog ourselves is mitigated by the fact that there is a function available to crack the request structure, so we don't really have to go dinking with the tcp wrapper internals. It's the %s being sent into the syslog. Although it's not mentioned on the manpage, it's in the header we include.
I'm confused. If I set LogLevel VERBOSE in sshd_config, I get something like this in the syslog: Jan 17 08:12:39 myhost sshd[432]: Connection from somehost port someport What else is desired?
You can do this by setting LogLevel verbose
Mass change of RESOLVED bugs to CLOSED