[systemd-devel] Reusing stdout-syslog-bridge under sshd

Albert Strasheim fullung at gmail.com
Wed Sep 7 10:11:53 PDT 2011


Hello all

We have the following situation:

We have a service that is exposed through OpenSSH.

The unit looks like this:

[Unit]
Description=bar Server

[Service]
ExecStart=-@/usr/sbin/sshd bar -ddd -i -f /etc/ssh/sshd_config_bar
StandardInput=socket
StandardOutput=socket
StandardError=syslog

[Install]
Also=bar.socket

Using the very cool ExecStart trick, we can put custom PAM
configuration at /etc/pam.d/bar.

As far as I understand, sshd logs to syslog directly so the
StandardError=syslog has no effect. However, we can configure the
facility for sshd itself in our /etc/ssh/sshd_config_bar file.

This file contains (amongst other things):

SyslogFacility AUTHPRIV
Subsystem bar /opt/bar/bin/bar
Subsystem sftp internal-sftp

Users of the bar service have a special shell configured to make the
subsystem work.

This shell starts the subsystem with stdin and stdout unchanged, so
the bar program reads/writes data via the encrypted SSH connection.

At the moment, the bar command logs to stderr, which is also
forwarded over the SSH connection to the client.

However, I would like to send the stderr output from bar to syslog on
the server as if it were started directly under systemd.

Finally my question: is it possible for my custom shell to connect
stderr of bar to stdout-syslog-bridge? Is this feasible, or was
stdout-syslog-bridge designed to interact with systemd only?

I've also looked at using logger in the util-linux package, but it
isn't quite flexible enough. Also, our logging code already supports
the facility/level prefix expected by stdout-syslog-bridge, so it
would be nice to reuse the mechanism.

Regards

Albert
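
An added example, not part of the original post and not systemd code: a wrapper the custom shell could exec in place of bar, leaving stdin/stdout on the SSH channel and sending stderr to the server's syslog so it is not forwarded to the client. Assumptions: the prefix is the kernel-style "<N>" with N = facility*8 + level, unprefixed lines default to AUTHPRIV/INFO, and the names parse_line and run are hypothetical.

```python
import re
import subprocess
import sys
import syslog

# Assumed prefix format: "<N>" at line start, N = facility*8 + level.
_PREFIX = re.compile(r"^<(\d{1,3})>")
# Control characters (except tab) are replaced so one line cannot forge another.
_CTRL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")
DEFAULT_FACILITY = 10 << 3   # LOG_AUTHPRIV, matching SyslogFacility AUTHPRIV
DEFAULT_LEVEL = 6            # LOG_INFO
MAX_PRI = 23 * 8 + 7         # largest valid syslog priority value (191)


def parse_line(line):
    """Split one stderr line into (facility, level, sanitized message)."""
    text = line.rstrip("\r\n")
    facility, level = DEFAULT_FACILITY, DEFAULT_LEVEL
    m = _PREFIX.match(text)
    if m and int(m.group(1)) <= MAX_PRI:
        pri = int(m.group(1))
        level = pri & 7
        # A level-only prefix (facility bits 0) keeps the default facility,
        # so the program cannot log as "kern".
        facility = (pri & ~7) or DEFAULT_FACILITY
        text = text[m.end():]
    return facility, level, _CTRL.sub("?", text)


def run(argv):
    """Run argv with stdin/stdout inherited and stderr forwarded to syslog."""
    syslog.openlog("bar", syslog.LOG_PID)
    proc = subprocess.Popen(argv, stderr=subprocess.PIPE)
    for raw in proc.stderr:
        facility, level, msg = parse_line(raw.decode("utf-8", "replace"))
        syslog.syslog(facility | level, msg)
    return proc.wait()


if __name__ == "__main__":
    # /opt/bar/bin/bar is the subsystem path from the sshd_config_bar above.
    sys.exit(run(sys.argv[1:] or ["/opt/bar/bin/bar"]))
```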

