Hi, When running (Open-)sshd under daemontools, it's recommended to run sshd with the options "-D -e" (no daemon, log to stderr). Logging to stderr however seems to cause the "Accepted" log entry to be recorded twice e.g. - Accepted publickey for root from ::ffff:202.6.156.98 port 48878 ssh2 Accepted publickey for root from ::ffff:202.6.156.98 port 48878 ssh2 (note same source port). The same log entry to syslog is only printed once. I can replicate this on a variety of OpenSSH versions - 3.6.1p2 and 3.8p1 under Linux FC2 and 3.5p1 under FreeBSD 4.10. 3.1p1 on a Linux Redhat 7.2 doesn't, however (woo? :-). LogLevel in sshd_config is commented out, so should be default (INFO?). I poked around in log.c:do_log() (3.8p1), and discovered through judicious printf'ing that the second entry occurs in the child process, not the parent, although I can't see why this would prevent syslog from printing the second entry.
The is because of privilege separation: when it's on the auth loop runs in both privileged and unprivileged processes (add a geteuid() to your printf to see). It doesn't occur in normal operation because the unpriviliged child is chrooted to /var/empty and has no /dev/log to speak to.
Created attachment 797 [details] reduce log messages from privsep slave to debug only If it bugs you try this patch (against -current but should apply to most recent versions).
Doesn' worry me, it worries my log summary script (and the customer who viewed the results :-). Patch works a treat against 3.8p1 - thanks for the quick response.
Change all RESOLVED bug to CLOSED with the exception of the ones fixed post-4.4.