Hank Leininger has written a couple of useful patches for OpenSSH available
at http://www.theaimsgroup.com/~hlein/haqs/openssh-3.0.2p1-hap-2.diff
(full page at http://www.theaimsgroup.com/~hlein/haqs/); he has been
maintaining them for quite a long time now (I know these patches from
OpenSSH 2.5.x on) and I regularly use them on my systems:
---cut
-Adds key fingerprint logging for the specific RSA1/RSA/DSA key which
authenticates a session
-Idle connection traffic generation by Dick Streefland
-TCP keepalives for local and remote port-forwarded connections by
Manoj Kasichainula
-Includes the chroot patch (with a small bugfix) from the openssh contrib code
-Includes a first cut of improved logging for the sftp subsystem by Jason Dour.
This adds logging of success and failure for file retrieval, mkdir, chmod, etc.
I will probably add file-listing (ls) to the list--the idea is to be able to
log as verbosely as ftpd's. Currently the extra information is logged at
INFO loglevel; perhaps this should be a separate sshd_config keyword?
---cut
Especially the fingerprint logging has been useful to me in the past
(find out who used a shared account or which tool didn't work properly),
but the other ones are also interesting features.
In the past, I used to manually patch Debian's OpenSSH and repackage it
for our own use, but one (idle traffic generation) out of the five
features provided by Hank Leininger's patches has also been included in
the current packages under a different configuration option, so a clean merge
isn't that easy and needs manual work to be done.
Since these patches have proven to be both very stable and useful to me, I'd
like to have Hank's patches also included in the standard Debian packages
for OpenSSH (or at least a Debian source package onto which Hank's patches
may be cleanly applied :-).
Anders
--
Schlund + Partner AG Systemadministration
Erbprinzenstrasse 4-12 v://49.721.91374.50
D-76133 Karlsruhe f://49.721.91374.212
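
The shared-account use case mentioned above, as an added example that is not part of the original message or of Hank Leininger's patch: given a fingerprint taken from a log entry, find which authorized_keys entry it belongs to. It assumes the logged value is the colon-separated MD5 hex fingerprint and handles only protocol 2 (ssh-rsa/ssh-dss) lines; the function names and the sample file are constructed for illustration.

```python
import base64
import binascii
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # protocol 2 key types; RSA1 lines are ignored

def md5_fingerprint(blob):
    """Colon-separated MD5 hex digest of a decoded public key blob."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def parse_authorized_keys(text):
    """Yield (fingerprint, key_type, comment) for each usable key line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Options such as from="..." may precede the key type, so search for it.
        for i, field in enumerate(fields[:-1]):
            if field in KEY_TYPES:
                try:
                    blob = base64.b64decode(fields[i + 1], validate=True)
                except (binascii.Error, ValueError):
                    break  # damaged entry: skip it instead of aborting the audit
                yield md5_fingerprint(blob), field, " ".join(fields[i + 2:])
                break

def who_used(fingerprint, authorized_keys_text):
    """Return the comments of all keys whose fingerprint matches the logged one."""
    wanted = fingerprint.strip().lower()
    return [comment for fp, _, comment in parse_authorized_keys(authorized_keys_text)
            if fp == wanted]

# Constructed sample: the blobs are placeholder bytes, not real keys.
_ALICE = base64.b64encode(b"constructed blob for alice").decode()
_BOB = base64.b64encode(b"constructed blob for bob").decode()
SAMPLE = "\n".join([
    "# shared deploy account",
    "ssh-rsa %s alice@workstation" % _ALICE,
    'from="10.0.0.*",no-pty ssh-dss %s bob@laptop' % _BOB,
    "ssh-rsa not*base64 broken@entry",
])

if __name__ == "__main__":
    logged = md5_fingerprint(b"constructed blob for bob")  # stands in for a log value
    print(logged, "->", who_used(logged, SAMPLE))
```

An empty result for a fingerprint that did authenticate means the key is not in the file being audited, for example because the entry was removed after the login.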