public inbox for cygwin@cygwin.com
* Enable logging remote ssh contacts
@ 2011-04-26 14:04 Fokke Nauta
  2011-04-26 14:11 ` David Sastre
  0 siblings, 1 reply; 21+ messages in thread
From: Fokke Nauta @ 2011-04-26 14:04 UTC (permalink / raw)
  To: cygwin


Hi all,

Installed Cygwin SSH server on a Windows XP machine. It works well from
within the LAN but from the firewall I can see that the server is contacted
remotely on a regular basis. I will enabled port 22 in the firewall that to
ensure that I will be able to log in remotely as well. Is there any way to
enable logging remote login attempts to have a view of what happens?

Thanks in advance,

With kind regards,
Fokke Nauta
-- 
View this message in context: http://old.nabble.com/Enable-logging-remote-ssh-contacts-tp31478200p31478200.html
Sent from the Cygwin list mailing list archive at Nabble.com.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


* Re: Enable logging remote ssh contacts
  2011-04-26 14:04 Enable logging remote ssh contacts Fokke Nauta
@ 2011-04-26 14:11 ` David Sastre
  2011-04-26 15:10   ` Fokke Nauta
  0 siblings, 1 reply; 21+ messages in thread
From: David Sastre @ 2011-04-26 14:11 UTC (permalink / raw)
  To: cygwin

On Tue, Apr 26, 2011 at 06:02:00AM -0700, Fokke Nauta wrote:
> Is there any way to
> enable logging remote login attempts to have a view of what happens?

Check the sshd_config manpage for LogLevel and/or SyslogFacility.
Works the same for GNU/Linux, not cygwin specific.

-- 
Huella de clave primaria: AD8F BDC0 5A2C FD5F A179  60E7 F79B AB04 5299 EC56


* Re: Enable logging remote ssh contacts
  2011-04-26 14:11 ` David Sastre
@ 2011-04-26 15:10   ` Fokke Nauta
  2011-04-26 16:33     ` Larry Hall (Cygwin)
  0 siblings, 1 reply; 21+ messages in thread
From: Fokke Nauta @ 2011-04-26 15:10 UTC (permalink / raw)
  To: cygwin



Dawud Medina wrote:
> 
> On Tue, Apr 26, 2011 at 06:02:00AM -0700, Fokke Nauta wrote:
>> Is there any way to
>> enable logging remote login attempts to have a view of what happens?
> 
> Check the sshd_config manpage for LogLevel and/or SyslogFacility.
> Works the same for GNU/Linux, not cygwin specific.
>  
> 

Where can I find this man page?
I see two sshd_config config pages, one in \cygwin\etc and one in
\cygwin\etc\defaults\etc. Which one do I need to alter?

Fokke


* Re: Enable logging remote ssh contacts
  2011-04-26 15:10   ` Fokke Nauta
@ 2011-04-26 16:33     ` Larry Hall (Cygwin)
  2011-04-26 21:26       ` Fokke Nauta
  0 siblings, 1 reply; 21+ messages in thread
From: Larry Hall (Cygwin) @ 2011-04-26 16:33 UTC (permalink / raw)
  To: cygwin

On 4/26/2011 10:10 AM, Fokke Nauta wrote:
>
>
> Dawud Medina wrote:
>>
>> On Tue, Apr 26, 2011 at 06:02:00AM -0700, Fokke Nauta wrote:
>>> Is there any way to
>>> enable logging remote login attempts to have a view of what happens?
>>
>> Check the sshd_config manpage for LogLevel and/or SyslogFacility.
>> Works the same for GNU/Linux, not cygwin specific.
>>
>>
>
> Where can I find this man page?

man sshd_config

> I see two sshd_config config pages, one in \cygwin\etc and one in
> \cygwin\etc\defaults\etc. Which one do I need to alter?

/etc is the one to edit. /etc/defaults/etc contains templates that
get copied to the proper locations during initial configuration.
They will be replaced each time you update.

-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?


* Re: Enable logging remote ssh contacts
  2011-04-26 16:33     ` Larry Hall (Cygwin)
@ 2011-04-26 21:26       ` Fokke Nauta
  2011-04-27  1:53         ` René Berber
  0 siblings, 1 reply; 21+ messages in thread
From: Fokke Nauta @ 2011-04-26 21:26 UTC (permalink / raw)
  To: cygwin



Larry Hall (Cygwin) wrote:
> 
> On 4/26/2011 10:10 AM, Fokke Nauta wrote:
>>
>>
>> Dawud Medina wrote:
>>>
>>> On Tue, Apr 26, 2011 at 06:02:00AM -0700, Fokke Nauta wrote:
>>>> Is there any way to
>>>> enable logging remote login attempts to have a view of what happens?
>>>
>>> Check the sshd_config manpage for LogLevel and/or SyslogFacility.
>>> Works the same for GNU/Linux, not cygwin specific.
>>>
>>>
>>
>> Where can I find this man page?
> 
> man sshd_config
> 
>> I see two sshd_config config pages, one in \cygwin\etc and one in
>> \cygwin\etc\defaults\etc. Which one do I need to alter?
> 
> /etc is the one to edit. /etc/defaults/etc contains templates that
> get copied to the proper locations during initial configuration.
> They will be replaced each time you update.
> 
> -- 
> Larry
> 
> 

Thanks.
Never thought of opening the shell and typing "man sshd_config".
It reminds me of UNIX :-)
Long before I got to Windows.
I edited the proper sshd_config file. Perhaps I didn't do that well enough,
but after restarting the Cygwin ssh service no login attempt was logged
after I logged in.

Fokke


* Re: Enable logging remote ssh contacts
  2011-04-26 21:26       ` Fokke Nauta
@ 2011-04-27  1:53         ` René Berber
  2011-04-27 10:56           ` Fokke Nauta
  0 siblings, 1 reply; 21+ messages in thread
From: René Berber @ 2011-04-27  1:53 UTC (permalink / raw)
  To: cygwin

On 4/26/2011 2:02 PM, Fokke Nauta wrote:

[snip]
> I edited the proper sshd_config file. Perhaps I didn't do that well enough,
> but after restarting the Cygwin ssh service no login attempt was logged
> after I logged in.

Where are you looking for the log?

If you are not running syslog-ng (or any other syslog) then the log is
Windows' event log.

But if you did install/configure/run syslog-ng then it's at
/var/log/messages (or a different log if you configured that).

Don't confuse /var/log/sshd.log for the real log, that one is just for
output sent by cygrunsrv (the program that serves as helper to make sshd
a Windows service).
-- 
René Berber




* Re: Enable logging remote ssh contacts
  2011-04-27  1:53         ` René Berber
@ 2011-04-27 10:56           ` Fokke Nauta
  2011-04-27 11:46             ` Fokke Nauta
  0 siblings, 1 reply; 21+ messages in thread
From: Fokke Nauta @ 2011-04-27 10:56 UTC (permalink / raw)
  To: cygwin



René Berber-2 wrote:
> 
> On 4/26/2011 2:02 PM, Fokke Nauta wrote:
> 
> [snip]
>> I edited the proper sshd_config file. Perhaps I didn't do that well
>> enough,
>> but after restarting the Cygwin ssh service no login attempt was logged
>> after I logged in.
> 
> Where are you looking for the log?
> 
> If you are not running syslog-ng (or any other syslog) then the log is
> Windows' event log.
> 
> But if you did install/configure/run syslog-ng then it's at
> /var/log/messages (or a different log if you configured that).
> 
> Don't confuse /var/log/sshd.log for the real log, that one is just for
> output sent by cygrunsrv (the program that serves as helper to make sshd
> a Windows service).
> -- 
> René Berber
> 

Thanks. I was looking in /var/log/sshd.log indeed.
So - in order to see a real log file I need to install/configure/run
syslog-ng.
How do I do that?

Fokke

* Re: Enable logging remote ssh contacts
  2011-04-27 10:56           ` Fokke Nauta
@ 2011-04-27 11:46             ` Fokke Nauta
  2011-04-27 21:23               ` René Berber
  0 siblings, 1 reply; 21+ messages in thread
From: Fokke Nauta @ 2011-04-27 11:46 UTC (permalink / raw)
  To: cygwin


Hi René,

I already found some information about this in 
http://fixunix.com/ssh/74348-how-enable-logging-sshd-log-file-windows-using-ssh-cygwin.html
, also given by you.
Thanks. 

I guess it works, but until now I have not been able to open the file
messages, as access is denied, even after stopping the syslog service.

Fokke

* Re: Enable logging remote ssh contacts
  2011-04-27 11:46             ` Fokke Nauta
@ 2011-04-27 21:23               ` René Berber
  2011-04-28  3:49                 ` Fokke Nauta
  0 siblings, 1 reply; 21+ messages in thread
From: René Berber @ 2011-04-27 21:23 UTC (permalink / raw)
  To: cygwin

On 4/27/2011 2:31 AM, Fokke Nauta wrote:

[snip]
> I guess it works, but until now I have not been able to open the file
> messages, as access is denied, even after stopping the syslog service.

On Windows XP?  It should be readable by everybody.

What permissions and ownership do you see for the log?  For instance, I see:

$ ll /var/log
total 996K
drwxrwxrwx+ 1 rberber None    0 Apr  1 19:10 ./
drwxr-xr-x  1 rberber None    0 Aug 14  2010 ../
-rw-r--r--  1 SYSTEM  root 627K Apr 27 10:38 autossh.log
-rw-r--r--+ 1 rberber None    0 Dec  3 17:29 messages

autossh is running as a service, I don't have syslog-ng running so
messages is empty, both files are world readable.
-- 
René Berber




* Re: Enable logging remote ssh contacts
  2011-04-27 21:23               ` René Berber
@ 2011-04-28  3:49                 ` Fokke Nauta
  2011-04-28  4:27                   ` René Berber
  2011-04-28  4:30                   ` Cyrille Lefevre
  0 siblings, 2 replies; 21+ messages in thread
From: Fokke Nauta @ 2011-04-28  3:49 UTC (permalink / raw)
  To: cygwin




René Berber-2 wrote:
> 
> On 4/27/2011 2:31 AM, Fokke Nauta wrote:
> 
> [snip]
>> I guess it works, but until now I have not been able to open the file
>> messages, as access is denied, even after stopping the syslog service.
> 
> On Windows XP?  It should be readable by everybody.
> 
> What permissions and ownership do you see for the log?  For instance, I
> see:
> 
> $ ll /var/log
> total 996K
> drwxrwxrwx+ 1 rberber None    0 Apr  1 19:10 ./
> drwxr-xr-x  1 rberber None    0 Aug 14  2010 ../
> -rw-r--r--  1 SYSTEM  root 627K Apr 27 10:38 autossh.log
> -rw-r--r--+ 1 rberber None    0 Dec  3 17:29 messages
> 
> autossh is running as a service, I don't have syslog-ng running so
> messages is empty, both files are world readable.
> -- 
> René Berber
> 
> 

Hi René,

I don't have any ll in the shell. Not recognized.
So I can't see the 
I have syslog-ng running. Should I replace that by autossh?
Strangely enough the file /var/log/messages could not be opened by Windows.
Tried with Textpad and Notepad. On both occasions it said: "access denied".
So I installed cron and now copy /var/log/messages to a different location
every 10 minutes. I can now read that file from Windows. However, copying
that file creates an entry in the /var/log/messages file.
So better quit syslog-ng and cron and use autossh instead?

Fokke




* Re: Enable logging remote ssh contacts
  2011-04-28  3:49                 ` Fokke Nauta
@ 2011-04-28  4:27                   ` René Berber
  2011-04-28 15:10                     ` Fokke Nauta
  2011-04-28  4:30                   ` Cyrille Lefevre
  1 sibling, 1 reply; 21+ messages in thread
From: René Berber @ 2011-04-28  4:27 UTC (permalink / raw)
  To: cygwin

On 4/27/2011 1:49 PM, Fokke Nauta wrote:

> I don't have any ll in the shell. Not recognized.

Oops!  My mistake, ll is a bash alias I defined, it's just "ls -alhF
--color=tty" (actually is an alias that uses the alias ls is defined to,
but I included what both aliases do for simplicity).

> So I can't see the 
> I have syslog-ng running. Should I replace that by autossh?

No, autossh is something else, I just kept it to show you how a Windows
service looks, like the sshd.log you have.

> Strangely enough the file /var/log/messages could not be opened by Windows.
> Tried with Textpad and Notepad. On both occasions it said: "access denied".
> So I installed cron and now copy /var/log/messages to a different location
> every 10 minutes. I can now read that file from Windows. However, copying
> that file creates an entry in the /var/log/messages file.
> So better quit syslog-ng and cron and use autossh instead?

No, just run the following to see if everything is running as expected:

cygrunsrv -LV

Note the "Account" for both sshd and syslog-ng.  That usually is what
gives problems.

If both were installed using the Cygwin provided scripts, perhaps with
some help as provided in /usr/share/doc/Cygwin/<package>.README, then
everything would work fine.  My guess is that there is a difference,
which creates the problem, and it will show in the output of cygrunsrv.
 If you send it to the list, we probably can spot the problem.
-- 
René Berber




* Re: Enable logging remote ssh contacts
  2011-04-28  3:49                 ` Fokke Nauta
  2011-04-28  4:27                   ` René Berber
@ 2011-04-28  4:30                   ` Cyrille Lefevre
  2011-04-28 15:07                     ` Fokke Nauta
  1 sibling, 1 reply; 21+ messages in thread
From: Cyrille Lefevre @ 2011-04-28  4:30 UTC (permalink / raw)
  To: cygwin


Le 27/04/2011 20:49, Fokke Nauta a écrit :
Hi,

> I don't have any ll in the shell. Not recognized.
> So I can't see the
> I have syslog-ng running. Should I replace that by autossh?

syslogd must be started before sshd... does it ?

let's try configuring both services differently :

# backup the actual configuration
cygrunsrv -VQ syslogd > syslogd.cfg
cygrunsrv -VQ sshd > sshd.cfg

# stop the services
cygrunsrv -E syslogd
cygrunsrv -E sshd

# remove the services
cygrunsrv -R syslogd
cygrunsrv -R sshd

# reconfigure the services using the .cfg parameters if different

# -y tcpip may be added but in this case, sshd should depend on
# syslogd sshd (see the alternative below)
cygrunsrv -I syslogd -p /usr/sbin/syslogd \
-d "CYGWIN syslog daemon" -u LocalSystem -w ''

# since tcpip doesn't start too early, syslogd has the time
# to start before sshd does...
cygrunsrv -I sshd -p /usr/sbin/sshd -a "-D" \
-d "CYGWIN ssh daemon" -f "8022" -u cyg_server -w <password> \
-y tcpip -e "CYGWIN=tty" # ntsec if XP, tty isn't necessary.

# alternative, don't touch the syslogd service but provide it
# as an sshd dependency...
cygrunsrv -I sshd -p /usr/sbin/sshd -a "-D" \
-d "CYGWIN ssh daemon" -f "8022" -u cyg_server -w <password> \
-y tcpip -y syslogd -e "CYGWIN=tty" # ntsec if XP, tty isn't necessary.

# start the services
cygrunsrv -S syslogd
cygrunsrv -S sshd

although, permission check (under vista at least, don't know under XP)

somebody@somewhere /var/log
v2$ ls -ld . messages
drwxrwxrwx+ 1 somebody None       0 Mar 31 00:38 .
-rw-rw-r--+ 1 SYSTEM   root 3495748 Apr  3 15:26 messages
----------^ note the + here => acl

somebody@somewhere /var/log
v2$ getfacl . messages
# file: .
# owner: somebody
# group: None
user::rwx
group::rwx
group:root:rwx
group:SYSTEM:rwx
mask:rwx
other:rwx
default:user::rwx
default:group::rwx
default:group:root:rwx
default:group:SYSTEM:rwx
default:group:Utilisateurs:r-x
default:mask:rwx
default:other:rwx

# file: messages
# owner: SYSTEM
# group: root
user::rw-
group::rw-
group:Utilisateurs:r-x
mask:rwx
other:r--

at last, I prefer the VERBOSE log level than the info one :

somebody@somewhere /var/log
v2$ grep Level /etc/sshd_config
LogLevel VERBOSE


Regards,

Cyrille Lefevre
-- 
mailto:Cyrille.Lefevre-lists@laposte.net




* Re: Enable logging remote ssh contacts
  2011-04-28  4:30                   ` Cyrille Lefevre
@ 2011-04-28 15:07                     ` Fokke Nauta
  2011-04-29  8:16                       ` Cyrille Lefevre
  0 siblings, 1 reply; 21+ messages in thread
From: Fokke Nauta @ 2011-04-28 15:07 UTC (permalink / raw)
  To: cygwin



Cyrille Lefevre wrote:
> 
> 
> Le 27/04/2011 20:49, Fokke Nauta a écrit :
> Hi,
> 
>> I don't have any ll in the shell. Not recognized.
>> So I can't see the
>> I have syslog-ng running. Should I replace that by autossh?
> 
> syslogd must be started before sshd... does it ?
> 
> let's try configuring both services differently :
> 
> # backup the actual configuration
> cygrunsrv -VQ syslogd > syslogd.cfg
> cygrunsrv -VQ sshd > sshd.cfg
> 
> # stop the services
> cygrunsrv -E syslogd
> cygrunsrv -E sshd
> 
> # remove the services
> cygrunsrv -R syslogd
> cygrunsrv -R sshd
> 
> # reconfigure the services using the .cfg parameters if different
> 
> # -y tcpip may be added but in this case, sshd should depend on
> # syslogd sshd (see the alternative below)
> cygrunsrv -I syslogd -p /usr/sbin/syslogd \
> -d "CYGWIN syslog daemon" -u LocalSystem -w ''
> 
> # since tcpip doesn't start too early, syslogd has the time
> # to start before sshd does...
> cygrunsrv -I sshd -p /usr/sbin/sshd -a "-D" \
> -d "CYGWIN ssh daemon" -f "8022" -u cyg_server -w <password> \
> -y tcpip -e "CYGWIN=tty" # ntsec if XP, tty isn't necessary.
> 
> # alternative, don't touch the syslogd service but provide it
> # as an sshd dependency...
> cygrunsrv -I sshd -p /usr/sbin/sshd -a "-D" \
> -d "CYGWIN ssh daemon" -f "8022" -u cyg_server -w <password> \
> -y tcpip -y syslogd -e "CYGWIN=tty" # ntsec if XP, tty isn't necessary.
> 
> # start the services
> cygrunsrv -S syslogd
> cygrunsrv -S sshd
> 
> although, permission check (under vista at least, don't know under XP)
> 
> somebody@somewhere /var/log
> v2$ ls -ld . messages
> drwxrwxrwx+ 1 somebody None       0 Mar 31 00:38 .
> -rw-rw-r--+ 1 SYSTEM   root 3495748 Apr  3 15:26 messages
> ----------^ note the + here => acl
> 
> somebody@somewhere /var/log
> v2$ getfacl . messages
> # file: .
> # owner: somebody
> # group: None
> user::rwx
> group::rwx
> group:root:rwx
> group:SYSTEM:rwx
> mask:rwx
> other:rwx
> default:user::rwx
> default:group::rwx
> default:group:root:rwx
> default:group:SYSTEM:rwx
> default:group:Utilisateurs:r-x
> default:mask:rwx
> default:other:rwx
> 
> # file: messages
> # owner: SYSTEM
> # group: root
> user::rw-
> group::rw-
> group:Utilisateurs:r-x
> mask:rwx
> other:r--
> 
> at last, I prefer the VERBOSE log level than the info one :
> 
> somebody@somewhere /var/log
> v2$ grep Level /etc/sshd_config
> LogLevel VERBOSE
> 
> 
> Regards,
> 
> Cyrille Lefevre
> 
> 

Hi Cyrille,

Thanks for your help and explanation.

For a beginning: "syslogd must be started before sshd... does it ?"
It does. I can read the file /var/log/messages from the Cygwin shell and it
gets filled with data.

Hence the reason I did not follow your instructions as I thought it was
working all right.

I was not able to open it from within Windows, so installed cron and copy it
every 10 minutes to a different location. I am since then able to open that
new file from Windows.

Problem: The action of copying also creates an entry in /var/log/messages.
So that file is full of these entries.
What is the difference between LogLevel INFO and LogLevel VERBOSE in
/etc/sshd-config?

My properties of /var/log/messages (and here lies the problem that the file
is not accessible from within Windows):

ls -ld messages
-rw------- 1 SYSTEM root 47648 Apr 28 14:09 messages

getfacl messages
# file: messages
# owner: SYSTEM
# group: root
user::rw-
group::---
mask:rwx
other:---

Should I use chmod on /var/log/messages?

Regards,
Fokke


* Re: Enable logging remote ssh contacts
  2011-04-28  4:27                   ` René Berber
@ 2011-04-28 15:10                     ` Fokke Nauta
  0 siblings, 0 replies; 21+ messages in thread
From: Fokke Nauta @ 2011-04-28 15:10 UTC (permalink / raw)
  To: cygwin



René Berber-2 wrote:
> 
> On 4/27/2011 1:49 PM, Fokke Nauta wrote:
> 
>> I don't have any ll in the shell. Not recognized.
> 
> Oops!  My mistake, ll is a bash alias I defined, it's just "ls -alhF
> --color=tty" (actually is an alias that uses the alias ls is defined to,
> but I included what both aliases do for simplicity).
> 
>> So I can't see the 
>> I have syslog-ng running. Should I replace that by autossh?
> 
> No, autossh is something else, I just kept it to show you how a Windows
> service looks, like the sshd.log you have.
> 
>> Strangely enough the file /var/log/messages could not be opened by Windows.
>> Tried with Textpad and Notepad. On both occasions it said: "access
>> denied".
>> So I installed cron and now copy /var/log/messages to a different
>> location
>> every 10 minutes. I can now read that file from Windows. However, copying
>> that file creates an entry in the /var/log/messages file.
>> So better quit syslog-ng and cron and use autossh instead?
> 
> No, just run the following to see if everything is running as expected:
> 
> cygrunsrv -LV
> 
> Note the "Account" for both sshd and syslog-ng.  That usually is what
> gives problems.
> 
> If both were installed using the Cygwin provided scripts, perhaps with
> some help as provided in /usr/share/doc/Cygwin/<package>.README, then
> everything would work fine.  My guess is that there is a difference,
> which creates the problem, and it will show in the output of cygrunsrv.
>  If you send it to the list, we probably can spot the problem.
> -- 
> René Berber
> 

Hi René,

Thanks. 
Basically, everything works fine except that it is impossible to open
/var/log/messages in Windows. But, as I already answered Cyrille, that is
perhaps a matter of using chmod on that file?

Running cygrunsrv -LV generates:

Service             : cron
Display name        : Cron daemon
Current State       : Running
Controls Accepted   : Stop
Command             : /usr/sbin/cron -n
stdin path          : /dev/null
stdout path         : /var/log/cron.log
stderr path         : /var/log/cron.log
Environment         : CYGWIN="ntsec" 
Process Type        : Own Process
Startup             : Automatic
Account             : .\Fokke Nauta

Service             : sshd
Display name        : CYGWIN sshd
Current State       : Running
Controls Accepted   : Stop
Command             : /usr/sbin/sshd -D
stdin path          : /dev/null
stdout path         : /var/log/sshd.log
stderr path         : /var/log/sshd.log
Environment         : CYGWIN="ntsec tty" 
Process Type        : Own Process
Startup             : Automatic
Dependencies        : tcpip
Account             : LocalSystem

Service             : syslog-ng
Display name        : CYGWIN syslog-ng
Current State       : Running
Controls Accepted   : Stop
Command             : /usr/sbin/syslog-ng -F
stdin path          : /dev/null
stdout path         : /var/log/syslog-ng.log
stderr path         : /var/log/syslog-ng.log
Process Type        : Own Process
Startup             : Automatic
Account             : LocalSystem

With regards,
Fokke



* Re: Enable logging remote ssh contacts
  2011-04-28 15:07                     ` Fokke Nauta
@ 2011-04-29  8:16                       ` Cyrille Lefevre
  2011-04-29  9:08                         ` Fokke Nauta
  0 siblings, 1 reply; 21+ messages in thread
From: Cyrille Lefevre @ 2011-04-29  8:16 UTC (permalink / raw)
  To: cygwin


Le 28/04/2011 14:29, Fokke Nauta a écrit :
Hi,
> Thanks for your help and explanation.

you're welcome...

> For a beginning: "syslogd must be started before sshd... does it ?"
> It does. I can read the file /var/log/messages from the Cygwin shell and it
> gets filled with data.

right.

> Hence the reason I did not follow your instructions as I thought it was
> working all right.

as you wish.

<snip>

> What is the difference between LogLevel INFO and LogLevel VERBOSE in
> /etc/sshd-config?

I'd like the following message which permits identifying the incoming 
connection :

Apr 25 23:35:03 pcvista sshd: PID 11500: Found matching DSA key: 
a5:44:9f:8e:2e:ea:76:7a:4f:6e:46:7f:08:25:67:6e

> My properties of /var/log/messages (and here lies the problem that the file
> is not accessible from within Windows):
>
> ls -ld messages
> -rw------- 1 SYSTEM root 47648 Apr 28 14:09 messages
>
> getfacl messages
> # file: messages
> # owner: SYSTEM
> # group: root
> user::rw-
> group::---
> mask:rwx
> other:---
>
> Should I use chmod on /var/log/messages?

no, setfacl %-|

(getfacl messages  | echo group:Users:r--) | setfacl -m -f - messages

PS : replace Users by the equivalent group on your system (Utilisateurs 
in french under Vista, don't know under XP ?)
well, the last one :
v2$ id
uid=1000(Cyrille) gid=513(None) 
groups=513(None),0(root),544(Administrateurs),545(Utilisateurs)


Regards,

Cyrille Lefevre
-- 
mailto:Cyrille.Lefevre-lists@laposte.net
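
An added example, not part of the thread or of any poster's code: once sshd logs through syslog to /var/log/messages, a summary like this gives the per-address view of login attempts the original question asks for. The sample lines are constructed in the "host sshd: PID n: message" shape of the VERBOSE line quoted above; the host name, addresses, fingerprint and the cron line format are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): per-source summary of sshd login
# attempts read from a syslog file such as /var/log/messages.

# Constructed sample input. Addresses come from the documentation ranges and
# the fingerprint is made up. The cron line stands in for the entries that
# the periodic copy job adds to the same file (its format is an assumption).
sample_log() {
    cat <<'EOF'
Apr 28 14:01:10 xpbox sshd: PID 2100: Invalid user admin from 203.0.113.7
Apr 28 14:01:12 xpbox sshd: PID 2100: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Apr 28 14:01:15 xpbox sshd: PID 2104: Failed password for root from 203.0.113.7 port 40120 ssh2
Apr 28 14:03:41 xpbox sshd: PID 2110: Failed password for root from 198.51.100.23 port 51990 ssh2
Apr 28 14:05:02 xpbox sshd: PID 2122: Found matching DSA key: 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff
Apr 28 14:05:02 xpbox sshd: PID 2122: Accepted publickey for fokke from 192.0.2.10 port 50022 ssh2
Apr 28 14:10:00 xpbox /usr/sbin/cron: PID 2200: (fokke) CMD (cp /var/log/messages /tmp/ssh.log)
EOF
}

# Prints one line per source address: "<failed> <accepted> <address> <key>",
# most failures first. <key> is the fingerprint logged at LogLevel VERBOSE
# for an accepted public-key login, or "-" when none was logged.
# Arguments: log file names; with none, standard input is read.
summarize_ssh_log() {
    awk '
    # Only sshd lines count, so cron and other daemons are ignored.
    $5 == "sshd:" && $6 == "PID" {
        pid = $7
        # Logged only at LogLevel VERBOSE: remember the key per sshd process.
        if ($8 == "Found" && $9 == "matching") { key[pid] = $NF; next }
        # Keep the last "from" so text earlier in the message cannot
        # shift the address field.
        ip = ""
        for (i = 8; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        seen[ip] = 1
        if ($8 == "Failed") failed[ip]++
        else if ($8 == "Accepted") {
            accepted[ip]++
            if (pid in key) used[ip] = key[pid]
        }
    }
    END {
        for (ip in seen)
            printf "%d %d %s %s\n", failed[ip], accepted[ip], ip,
                   ((ip in used) ? used[ip] : "-")
    }' "$@" | sort -k1,1nr -k3,3
}

# Stand-alone run on the constructed sample.
sample_log | summarize_ssh_log
```

On a real system the call would be `summarize_ssh_log /var/log/messages`, run from an account that can read the file.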




* Re: Enable logging remote ssh contacts
  2011-04-29  8:16                       ` Cyrille Lefevre
@ 2011-04-29  9:08                         ` Fokke Nauta
  2011-04-29  9:32                           ` Corinna Vinschen
  0 siblings, 1 reply; 21+ messages in thread
From: Fokke Nauta @ 2011-04-29  9:08 UTC (permalink / raw)
  To: cygwin




Cyrille Lefevre wrote:
> 
> 
> Le 28/04/2011 14:29, Fokke Nauta a écrit :
> Hi,
>> Thanks for your help and explanation.
> 
> you're welcome...
> 
>> For a beginning: "syslogd must be started before sshd... does it ?"
>> It does. I can read the file /var/log/messages from the Cygwin shell and
>> it
>> gets filled with data.
> 
> right.
> 
>> Hence the reason I did not follow your instructions as I thought it was
>> working all right.
> 
> as you wish.
> 
> <snip>
> 
>> What is the difference between LogLevel INFO and LogLevel VERBOSE in
>> /etc/sshd-config?
> 
> I'd like the following message which permits identifying the incoming 
> connection :
> 
> Apr 25 23:35:03 pcvista sshd: PID 11500: Found matching DSA key: 
> a5:44:9f:8e:2e:ea:76:7a:4f:6e:46:7f:08:25:67:6e
> 
>> My properties of /var/log/messages (and here lies the problem that the
>> file
>> is not accessible from within Windows):
>>
>> ls -ld messages
>> -rw------- 1 SYSTEM root 47648 Apr 28 14:09 messages
>>
>> getfacl messages
>> # file: messages
>> # owner: SYSTEM
>> # group: root
>> user::rw-
>> group::---
>> mask:rwx
>> other:---
>>
>> Should I use chmod on /var/log/messages?
> 
> no, setfacl %-|
> 
> (getfacl messages  | echo group:Users:r--) | setfacl -m -f - messages
> 
> PS : replace Users by the equivalent group on your system (Utilisateurs 
> in french under Vista, don't know under XP ?)
> well, the last one :
> v2$ id
> uid=1000(Cyrille) gid=513(None) 
> groups=513(None),0(root),544(Administrateurs),545(Utilisateurs)
> 
> 
> Regards,
> 
> Cyrille Lefevre
> 

Hi,

I entered (getfacl messages  | echo group:Users:r--) | setfacl -m -f -
messages
and got as result: Segmentation fault (core dumped)

Here is the dump:
Exception: STATUS_ACCESS_VIOLATION at eip=611134F9
eax=00000000 ebx=61245B54 ecx=0000662D edx=FEFF0100 esi=61245B54
edi=00403F98
ebp=0022BFA8 esp=0022BF90 program=D:\cygwin\bin\setfacl.exe, pid 1712,
thread main
cs=001B ds=0023 es=0023 fs=003B gs=0000 ss=0023
Stack trace:
Frame     Function  Args
0022BFA8  611134F9  (61245B54, 0000003A, 0022BFD8, 6111452F)
0022BFD8  004015C5  (00000002, 61245B54, 0022C144, 000006B0)
0022C108  004018B0  (00000002, 61245B54, 0022C144, 0022CD44)
0022CD58  00401B8F  (61245B40, 00000000, 0022CD98, 61007038)
0022CD98  61007038  (00000000, 0022CDD4, 61006980, 7FFDD000)
End of stack trace

id gives:
uid=1003(Fokke Nauta) gid=513(None)
groups=513(None),0(root),544(Administrators),545(Users),1005(boinc_admins)

Now everything works fine except that every action of copying
/var/log/messages to /cygdrive/e/files/logs/cygwin/ssh.log generates an
entry in /var/log/messages. Is there any way to avoid that?

Regards,
Fokke


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: Enable logging remote ssh contacts
  2011-04-29  9:08                         ` Fokke Nauta
@ 2011-04-29  9:32                           ` Corinna Vinschen
  2011-04-29 13:59                             ` Fokke Nauta
  2011-04-29 18:10                             ` Cyrille Lefevre
  0 siblings, 2 replies; 21+ messages in thread
From: Corinna Vinschen @ 2011-04-29  9:32 UTC (permalink / raw)
  To: cygwin

On Apr 29 01:21, Fokke Nauta wrote:
> Cyrille Lefevre wrote:
> > no, setfacl %-|
> > 
> > (getfacl messages  | echo group:Users:r--) | setfacl -m -f - messages
> > 
> > PS : replace Users by the equivalent group on your system (Utilisateurs 
> > in French under Vista, don't know under XP ?)
> > well, the last one :
> > v2$ id
> > uid=1000(Cyrille) gid=513(None) 
> > groups=513(None),0(root),544(Administrateurs),545(Utilisateurs)
> > 
> > 
> > Regards,
> > 
> > Cyrille Lefevre
> > 
> 
> Hi,
> 
> I entered (getfacl messages  | echo group:Users:r--) | setfacl -m -f -
> messages
> and got as result: Segmentation fault (core dumped)

I can't reproduce the SEGV.  However, your expression is wrong
anyway:

- (getfacl messages | echo group:Users:r--)

  This expression only echoes the "group:Users:r--" line, the output
  of getfacl is simply lost since echo doesn't copy its stdin to
  stdout.  What you really want is this:

  (getfacl messages ; echo group:Users:r--)

  Note the semicolon instead of the pipe.

- setfacl -m -f -

  This doesn't work.  The -f option is always a set option and can't
  be combined with the -m option.  So just use

  setfacl -f -
  
- Did you notice Cyrille's hint about the name of the Users group?
  It's not always Users, rather it is localized, for instance
  "Utilisateurs" in French, "Benutzer" in German, etc.  If you
  use "Users" on a non-English system, you are probably out of luck.

  Fortunately you can also use the gid instead of the group name:

  (getfacl messages ; echo group:545:r--) | setfacl -f -


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: Enable logging remote ssh contacts
  2011-04-29  9:32                           ` Corinna Vinschen
@ 2011-04-29 13:59                             ` Fokke Nauta
  2011-04-29 16:32                               ` Corinna Vinschen
  2011-04-29 18:10                             ` Cyrille Lefevre
  1 sibling, 1 reply; 21+ messages in thread
From: Fokke Nauta @ 2011-04-29 13:59 UTC (permalink / raw)
  To: cygwin



Corinna Vinschen-2 wrote:
> 
> On Apr 29 01:21, Fokke Nauta wrote:
>> Cyrille Lefevre wrote:
>> > no, setfacl %-|
>> > 
>> > (getfacl messages  | echo group:Users:r--) | setfacl -m -f - messages
>> > 
>> > PS : replace Users by the equivalent group on your system (Utilisateurs
>> > in French under Vista, don't know under XP ?)
>> > well, the last one :
>> > v2$ id
>> > uid=1000(Cyrille) gid=513(None) 
>> > groups=513(None),0(root),544(Administrateurs),545(Utilisateurs)
>> > 
>> > 
>> > Regards,
>> > 
>> > Cyrille Lefevre
>> > 
>> 
>> Hi,
>> 
>> I entered (getfacl messages  | echo group:Users:r--) | setfacl -m -f -
>> messages
>> and got as result: Segmentation fault (core dumped)
> 
> I can't reproduce the SEGV.  However, your expression is wrong
> anyway:
> 
> - (getfacl messages | echo group:Users:r--)
> 
>   This expression only echoes the "group:Users:r--" line, the output
>   of getfacl is simply lost since echo doesn't copy its stdin to
>   stdout.  What you really want is this:
> 
>   (getfacl messages ; echo group:Users:r--)
> 
>   Note the semicolon instead of the pipe.
> 
> - setfacl -m -f -
> 
>   This doesn't work.  The -f option is always a set option and can't
>   be combined with the -m option.  So just use
> 
>   setfacl -f -
>   
> - Did you notice Cyrille's hint about the name of the Users group?
>   It's not always Users, rather it is localized, for instance
>   "Utilisateurs" in French, "Benutzer" in German, etc.  If you
>   use "Users" on a non-English system, you are probably out of luck.
> 
>   Fortunately you can also use the gid instead of the group name:
> 
>   (getfacl messages ; echo group:545:r--) | setfacl -f -
> 
> 
> Corinna
> 

Hi, 

Thanks.
Entering "(getfacl messages ; echo group:545:r--) | setfacl -f -" starts up
the help function of setfacl.
Replacing the last dash by messages results in an error message.

Yes, I noticed Cyrille's hint. I am working on an English machine and the
command id shows the group Users indeed.

Regards,
Fokke


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: Enable logging remote ssh contacts
  2011-04-29 13:59                             ` Fokke Nauta
@ 2011-04-29 16:32                               ` Corinna Vinschen
  2011-04-29 17:52                                 ` Fokke Nauta
  0 siblings, 1 reply; 21+ messages in thread
From: Corinna Vinschen @ 2011-04-29 16:32 UTC (permalink / raw)
  To: cygwin

On Apr 29 02:02, Fokke Nauta wrote:
> Corinna Vinschen-2 wrote:
> >   Fortunately you can also use the gid instead of the group name:
> > 
> >   (getfacl messages ; echo group:545:r--) | setfacl -f -
> > 
> > 
> > Corinna
> > 
> 
> Hi, 
> 
> Thanks.
> Entering "(getfacl messages ; echo group:545:r--) | setfacl -f -" starts up
> the help function of setfacl.
> Replacing the last dash by messages results in an error message.

My fault.  Should have been:

  (getfacl messages ; echo group:545:r--) | setfacl -f - messages


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


^ permalink raw reply	[flat|nested] 21+ messages in thread
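Corinna's corrections above (semicolon instead of pipe, then `setfacl -f - messages`), as an added example that is not part of the thread. `sample_getfacl` is a constructed stand-in for `getfacl messages` built from the listing Fokke posted; `check_spec` and `grant_group_read` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed stand-in for `getfacl messages`: the listing quoted in the thread.
sample_getfacl() {
    cat <<'EOF'
# file: messages
# owner: SYSTEM
# group: root
user::rw-
group::---
mask:rwx
other:---
EOF
}

# Broken form: echo never reads stdin, so the existing ACL is dropped.
spec_with_pipe() { (sample_getfacl 2>/dev/null | echo "group:$1:r--"); }

# Corrected form: both commands write to the same stdout, one after the other.
spec_with_sequence() { (sample_getfacl; echo "group:$1:r--"); }

# Validate a spec on stdin before it replaces an ACL: the owner entry must be
# present, every entry well-formed, named groups and "other" at most read-only.
check_spec() {
    awk -F: '
        /^#/ || /^$/ { next }
        !/^(user|group):[^:]*:[r-][w-][x-]$/ && !/^(mask|other)::?[r-][w-][x-]$/ { bad = 1 }
        /^user::/ { owner = 1 }
        ($1 == "group" && $2 != "" || $1 == "other") && $NF !~ /^[r-]--$/ { bad = 1 }
        END { exit ((bad || !owner) ? 1 : 0) }
    '
}

# Hypothetical wrapper around the thread's final command (needs the real
# getfacl/setfacl, e.g. under Cygwin). Stops if getfacl fails, because -f
# sets the whole ACL from the spec it is given.
grant_group_read() {   # usage: grant_group_read FILE GID
    acl=$(getfacl "$1") || return 1
    spec=$(printf '%s\n%s\n' "$acl" "group:$2:r--")
    printf '%s\n' "$spec" | check_spec || return 1
    printf '%s\n' "$spec" | setfacl -f - "$1"
}

echo "pipe form:";     spec_with_pipe 545
echo "sequence form:"; spec_with_sequence 545
```

On the Cygwin host, `grant_group_read /var/log/messages 545` performs the change; the gid comes from the `id` output shown in the thread.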

* Re: Enable logging remote ssh contacts
  2011-04-29 16:32                               ` Corinna Vinschen
@ 2011-04-29 17:52                                 ` Fokke Nauta
  0 siblings, 0 replies; 21+ messages in thread
From: Fokke Nauta @ 2011-04-29 17:52 UTC (permalink / raw)
  To: cygwin



Corinna Vinschen-2 wrote:
> 
> On Apr 29 02:02, Fokke Nauta wrote:
>> Corinna Vinschen-2 wrote:
>> >   Fortunately you can also use the gid instead of the group name:
>> > 
>> >   (getfacl messages ; echo group:545:r--) | setfacl -f -
>> > 
>> > 
>> > Corinna
>> > 
>> 
>> Hi, 
>> 
>> Thanks.
>> Entering "(getfacl messages ; echo group:545:r--) | setfacl -f -" starts up
>> the help function of setfacl.
>> Replacing the last dash by messages results in an error message.
> 
> My fault.  Should have been:
> 
>   (getfacl messages ; echo group:545:r--) | setfacl -f - messages
> 
> 
> Corinna
> 

Thanks, that worked. I am now able to access /var/log/messages from within
Windows. I can now shut down the cron service, thus avoiding the extra
entries.

With regards,
Fokke


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: Enable logging remote ssh contacts
  2011-04-29  9:32                           ` Corinna Vinschen
  2011-04-29 13:59                             ` Fokke Nauta
@ 2011-04-29 18:10                             ` Cyrille Lefevre
  1 sibling, 0 replies; 21+ messages in thread
From: Cyrille Lefevre @ 2011-04-29 18:10 UTC (permalink / raw)
  To: cygwin


On 29/04/2011 10:44, Corinna Vinschen wrote:
>
> On Apr 29 01:21, Fokke Nauta wrote:
<snip>
> I can't reproduce the SEGV.  However, your expression is wrong
> anyway:
>
> - (getfacl messages | echo group:Users:r--)

typo, sorry

> - setfacl -m -f -

typo again, I meant to say -r -f -

humm, what is the purpose of -r in fact ?

>    Fortunately you can also use the gid instead of the group name:
>
>    (getfacl messages ; echo group:545:r--) | setfacl -f -

I have a doubt about that, which is the reason I didn't talk about it.

PS : I was very tired when I wrote the answer, 36h w/o sleeping... %-/

Regards,

Cyrille Lefevre
-- 
mailto:Cyrille.Lefevre-lists@laposte.net




^ permalink raw reply	[flat|nested] 21+ messages in thread

end of thread, other threads:[~2011-04-29 13:59 UTC | newest]

Thread overview: 21+ messages
2011-04-26 14:04 Enable logging remote ssh contacts Fokke Nauta
2011-04-26 14:11 ` David Sastre
2011-04-26 15:10   ` Fokke Nauta
2011-04-26 16:33     ` Larry Hall (Cygwin)
2011-04-26 21:26       ` Fokke Nauta
2011-04-27  1:53         ` René Berber
2011-04-27 10:56           ` Fokke Nauta
2011-04-27 11:46             ` Fokke Nauta
2011-04-27 21:23               ` René Berber
2011-04-28  3:49                 ` Fokke Nauta
2011-04-28  4:27                   ` René Berber
2011-04-28 15:10                     ` Fokke Nauta
2011-04-28  4:30                   ` Cyrille Lefevre
2011-04-28 15:07                     ` Fokke Nauta
2011-04-29  8:16                       ` Cyrille Lefevre
2011-04-29  9:08                         ` Fokke Nauta
2011-04-29  9:32                           ` Corinna Vinschen
2011-04-29 13:59                             ` Fokke Nauta
2011-04-29 16:32                               ` Corinna Vinschen
2011-04-29 17:52                                 ` Fokke Nauta
2011-04-29 18:10                             ` Cyrille Lefevre
