When sshd is run without -r option the syslog messages from tcpwrappers denied message are not written to the configured syslog file. This happens when syslog facility is given as local7 and the level is given as info in the sshd configuration file
Created attachment 769 [details] reinit log after receiving config after reexec I think I see the problem: when reexec is enabled, log_init() is called before recv_rexec_state() and load_server_config(), so the log will be pointing to whatever the default is. Please try this patch.
Created attachment 770 [details] reinit log after reexec, take 2 Please try this one instead, it should also work when the log params are left unset.
I tried both the patches but still the log messages of tcp wrapper are not written to configured syslog file.
What platform (and version) are you seeing the problem on ?
OpenSSH Version : 3.9p1 Platform : Fedora core 2 kernel : 2.6.5-1.358
Which message is missing? Is it this one: sshd: refused connect from [foo] ?
I have these two entries in /etc/syslog.conf local7.info /var/log/ssh.log *.info;mail.none;authpriv.none;cron.none;local7.none /var/log/messages The message "sshd: refused connect from [foo]" appears in /var/log/messages but not in /var/log/ssh.log. But when sshd is run with -r option the message goes to /var/log/ssh.log alone
What do you have SyslogFacility and LogLevel set to in sshd_config?
my /etc/sshd_config file has SyslogFacility LOCAL7 LogLevel INFO
Created attachment 772 [details] reinit log after reexec, take 3 OK, I think I have it: log_init doesn't get called correctly at the point refuse() is called, so the messages get sent to the wrong place. Please try this patch. If it works I'll dig out my ouija board and try to determine how it's supposed to work when reexec is enabled :-)
I tried the patch 3, but still the problem persists.
Created attachment 773 [details] force log_init to reopen syslog Sigh. OK, new theory: although log_init has been called, openlog() hasn't so when libwrap calls syslog it still points to the default settings. Since the log functions do openlog/closelog, logging *anything* means that it will be pointing at the right place afterward (which meant that the debugging I added while working on it that made the problem go away, not the alleged fixes. A neato Heisenbug). Hopefully this patch will finally nail it; I mean, at some point I have to run out of wrong ideas, right :-?
Great. This patch worked.
*** Bug 948 has been marked as a duplicate of this bug. ***
It appears that OpenBSD's libwrap (or, more likely, its syslog libraries) are not fooled so easily. The refuse message always goes to the default log (/var/log/messages on my box) and not to sshd's SyslogFacility, regardless of whether or not reexec is invoked and/or messages are logged before the refuse. I suspect it boils down to what the OS does in this case: openlog(..., int facility); syslog(..., "message1"); closelog(); syslog(..., "message2"); It appears that on OpenBSD, message1 will go to different places if the facility is set. On other platforms, message2 will end up wherever message1 went (as you saw). The upshot is that if we're going to do something about it, it ought to be -Portable only (new patch to follow).
Created attachment 786 [details] force reopen of syslog (fixed for openlog_r too) Force reopen of syslog, which should mean that behaviour should at least be consistent on all platforms regardless of whether or not reexec is enabled. OK?
Patch #786 committed. Thanks for the report.
With the release of OpenSSH 4.0, these bugs are now closed. For details, see: http://www.openssh.com/txt/release-4.0