On 05/10/2016 02:19 PM, John wrote:
>> There are two possibilities. Either you set up logging socket in chroot
>> and set up syslog/journal to receive message from it, or there is some
>> possibility to log over the socket opened by the parent (before going
>> into chroot), which is a bit hacky solution (and not upstream for some
>> reason). We have got the patch in our git [1], but there will probably
>> be some bug in upstream bugzilla.
>>
>> [1] http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/tree/openssh-6.6.1p1-log-in-chroot.patch
>>
>> Regards,
>
> Thanks for the reply, Jakub. The patch you pointed me to does not apply to the current release of openssh unfortunately (v7.2p2). Do you have a more contemporary version of the patch I can try?

It applies, but there are also other conflicting patches in Fedora
probably. We use exactly this one for openssh-7.2

> I can google around for a logging socket... I assume this can be implemented without the patch you referenced and on the current version 7.2p2?

Yes. The logging socket in chroot solution should work without the above
patch.
--
Jakub Jelen
Associate Software Engineer
Security Technologies
Red Hat
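
An added example, not part of the original messages and not OpenSSH or Fedora code: one way to set up the first option discussed above, a logging socket inside the chroot, using rsyslog. It assumes rsyslog is the syslog daemon and already loads its imuxsock module; the function name and the paths in the comments are hypothetical.

```shell
#!/bin/sh
# Added example: make rsyslog listen on an extra socket inside a chroot so
# that a process confined there can still reach syslog through /dev/log.
# Assumption: rsyslog already loads imuxsock in its main configuration.

# write_chroot_log_conf CHROOT CONF_DIR
#   Creates CHROOT/dev and writes an rsyslog drop-in that opens a listening
#   socket at CHROOT/dev/log. Prints the path of the drop-in on success.
write_chroot_log_conf() {
    chroot_dir=$1
    conf_dir=$2

    # rsyslog runs outside the chroot, so it needs the full host-side path.
    case $chroot_dir in
        /*) ;;
        *) echo "chroot path must be absolute: $chroot_dir" >&2; return 1 ;;
    esac
    [ -d "$chroot_dir" ] || { echo "no such directory: $chroot_dir" >&2; return 1; }

    # The chrooted process sees this directory as /dev.
    mkdir -p "$chroot_dir/dev" && chmod 755 "$chroot_dir/dev" || return 1

    # One drop-in per chroot, named after the path so several can coexist.
    name=$(printf '%s' "$chroot_dir" | tr -c 'A-Za-z0-9' '_')
    conf="$conf_dir/chroot-log$name.conf"
    cat > "$conf" <<EOF
# Extra syslog socket for processes chrooted to $chroot_dir
input(type="imuxsock" Socket="$chroot_dir/dev/log")
EOF
    printf '%s\n' "$conf"
}

# Hypothetical usage (as root), followed by a restart of rsyslog:
#   write_chroot_log_conf /srv/chroot/example /etc/rsyslog.d
```

rsyslog creates the socket itself when it starts, so only the `dev` directory has to exist beforehand.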