I've installed ssh and syslog-ng through cygwin (V3.2) on a Windows Server 2012 and attempting to get log output out of sshd. I'm using the default /etc/syslog-ng/syslog-ng.conf file…
@version: 3.2
@include "scl.conf"
source s_local {
system();
internal();
};
source s_network {
udp();
};
destination d_local {
file("/var/log/messages");
};
log {
source(s_local);
# uncomment this line to open port 514 to receive messages
#source(s_network);
destination(d_local);
};
My /etc/sshd_config file contains only the following uncommented lines…
Port 22
SyslogFacility LOCAL5
LogLevel VERBOSE
StrictModes no
AuthorizedKeysFile /etc/authorized_keys
Subsystem sftp /usr/sbin/sftp-server -f LOCAL5 -l VERBOSE
The startup/shutdown of sshd is being successfully logged to /var/log/messages:
Jun 23 12:37:31 ga16irwebdev01 sshd: PID 4552: Server listening on :: port 22.
Jun 23 12:37:31 ga16irwebdev01 sshd: PID 4552: Server listening on 0.0.0.0 port 22.
Jun 23 12:37:32 ga16irwebdev01 sshd: PID 6648: `sshd' service started
However, I get nothing in the log when I attempt to "ssh" to this box from a remote box. The remote ssh request is failing due to sshd not accepting my dsa key, and I'm trying to debug that issue, but cannot get any info in the log to do so.
Could anyone suggest why sshd would not be logging (failed) connection requests?
More info…
My /var/log directory:
$ ls -l
total 756
-rw-r--r-- 1 GA16IRWEBDEV01+cyg_server Administrators 0 Jun 22 14:56 lastlog
-rw------- 1 SYSTEM SYSTEM 15714 Jun 23 15:58 messages
-rw-r--r-- 1 MDowd.adm Administrators 41836 Jun 23 10:40 setup.log
-rw-r--r-- 1 MDowd.adm Administrators 712122 Jun 23 10:40 setup.log.full
-rwxrwxrwx 1 GA16IRWEBDEV01+cyg_server Administrators 0 Jun 22 15:00 sshd.log
-rw----r-- 1 SYSTEM SYSTEM 0 Jun 23 10:47 syslog-ng.log
My /dev/log:
$ ls -l | grep log
srw----rw- 1 SYSTEM SYSTEM 0 Jun 23 15:58 log
Best Answer
on the remote box, try running ssh with the -vvv option to get verbose output from the client. That might help to resolve the issue.