[ssh_x509] Consider logging "run in FIPS mode" as DEBUG level message

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu Mar 2 23:16:00 EET 2017


Hi Roumen,

The following INFO-level message is printed to syslog when operating in 
FIPS mode:

Jan 01 00:00:00 HOST sshd[3333]: sshd run in FIPS mode

This is printed for all sub-sshd processes that get started (ref. line 
2198: execv(rexec_argv[0], rexec_argv);) and not just for the main sshd.

In our application, we set up and close several ssh connections per 
minute (those are triggered by processes, not humans). So we end up 
with lots of "sshd run in FIPS mode" showing up in the syslog.

I was wondering if you would consider changing the level of this message 
from INFO to DEBUG1 (or even lower) so that it would not appear with 
every ssh connection. Another option would be to only print it for the 
main sshd process and not every sub-process.

In the meantime we're going to change LogLevel from INFO to ERROR in 
sshd_config.

Thanks,

Martin Belanger
Dell Networking


