OpenSSH accesslog : Logging ciphers, MAC and user agent How to log the `Protocol`, `KexAlgorithm`, `Cipher` and `MAC` algorithm negociated by the client and the client's user agent string? What I'm looking for is the...--prophetes.ai

OpenSSH accesslog : Logging ciphers, MAC and user agent How to log the `Protocol`, `KexAlgorithm`, `Cipher` and `MAC` algorithm negociated by the client and the client's user agent string? What I'm looking for is the OpenSSH equivalent to Apache HTTPD's CustomLog+LogFormat+mod_ssl `%{SSL_PROTOCOL}x %{SSL_CIPHER}x` \+ `%{User-agent}i` I want to log (on the server side) the same information that are availiable on the client side : $ ssh -v localhost 2>&1 |grep kex debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none + $ ssh -v localhost 2>&1 |grep version debug1: Local version string SSH-2.0-OpenSSH_6.7 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7

Use at least `LogLevel DEBUG` to see these message in the server log. Also do not forget to restart the `sshd` service after the change.

sshd[31049]: debug1: Client protocol version 2.0; client software version OpenSSH_6.0p1 Debian-4+deb7u3

sshd[31049]: debug1: kex: client->server aes128-ctr hmac-md5 none [preauth]
sshd[31049]: debug1: kex: server->client aes128-ctr hmac-md5 none [preauth]

If you mean SSH client version by the "user agent".

Also note that there will be a lot of more information in the logs. If you use RHEL/Fedora, these information should be already in the `audit` log (except the client software version).