On Mon, 24 Jul 2017, Peter Stuge wrote: > Mike Tancsa wrote: > > Are there any alternatives to this method ? Are there any patches > > thoughts for supplementary logging of some sort of sshd that can work > > around these logging constraints ? > > openlog() doesn't return an fd, but keeps the syslog connection internal. > > You could rewrite do_log() to not use openlog() but access /dev/syslog > directly, then sshd could pass the fd to child processes. It wouldn't > scale beyond OpenSSH though - ie. only for sftp, not for external > subsystems. There's a patch on bugzilla to make the post-auth sshd monitor handle logging as it does during the pre-auth phase. I'm undecided about it so far. I wish other operating systems would copy OpenBSD's sendsyslog() - it makes life considerably simpler for privilege-separated and sandboxed applications. On linux you could probably do it with a well-known Unix domain syslog listener in the abstract socket namespace, e.g. "@syslog" -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev