Running Ubuntu 18.04.1 LTS with package openssh-server 7.6p1-4ubuntu0.5 In /etc/ssh/sshd_config is set LogLevel DEBUG2. I get the debug2 log message of the client MACs offering part of handshake: May 3 18:51:05 10.10.10.10 sshd[14300]: debug2: MACs ctos: hmac-sha1,hmac-sha1-96,hmac-md5 [preauth] and afterwards in the same second the login log entry for user "abc" login from IP 1.2.3.4 with the same sshd PID, so I guess this login message belongs to the first debug2 log entry: May 3 18:51:05 10.10.10.10 sshd[14300]: Accepted password for abc from 1.2.3.4 port 51294 ssh2 But I get the according (same PID, roughly same second) debug2 handshake log entry not for every Accepted password log entry, only for a small fraction of logins. E.g. I observe a user logging in 2525 times on a day, but I can see the according debug2: MACs ctos: log entry (same PID, roughly same time) only for 155 of those logins. This happens accross all user logins, so it is not user specific. Is this a bug or a feature? Is there some handshake info cache, so full handshake is not done (or logged) on every login? How can I achieve that for every login the debug2 handshake log entry is made? Hildegard _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
