SSH access logging omits username and IP information in access logs

[szsahin]

Description

When gitea access log is enabled (ENABLE_ACCESS_LOG=true) and you access the server via HTTP, it provides username and IP information in access logs. But when you access the server via SSH and enable SSH acces log (ENABLE_SSH_LOG=true), we can not see these information in access.log.

When we look at the users "Settings -> SSH/GPG keys" page, we can see that gitea understands and processes the relevant user information(date and SSH key), and so it can show us when the SSH key is last used.. But not seeing that information details in the access.log file, makes very hard to determine SSH access problems.

And as I mentioned above, it is clear that Gitea has the means to process the information, but simply it does not show the information in the SSH access logs.

[log]
MODE              = console,file
LEVEL             = debug
ROOT_PATH         = /opt/git/server/log
ROUTER            = console,file
ENABLE_ACCESS_LOG = true
ACCESS            = file
ENABLE_SSH_LOG    = true

[log.file.access]
LEVEL             = debug

[log.file.router]
LEVEL             = debug

Gitea Version

1.17.2

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

HTTP access logs

10.100.7.45:0 - - [19/Sep/2022:16:56:32 +0300] "GET /MYORGANISATION/myapp-bundle-docker.git/info/refs?service=git-upload-pack HTTP/1.0" 401 13 "\" \"git/2.27.0"
10.100.7.45:0 - - [19/Sep/2022:16:56:32 +0300] "GET /MYORGANISATION/myapp-bundle-docker.git/info/refs?service=git-upload-pack HTTP/1.0" 401 13 "\" \"git/2.27.0"
10.100.7.45:0 - myuser [19/Sep/2022:16:56:40 +0300] "GET /MYORGANISATION/myapp-bundle-docker.git/info/refs?service=git-upload-pack HTTP/1.0" 200 935 "\" \"git/2.27.0"
10.100.7.45:0 - myuser [19/Sep/2022:16:56:40 +0300] "POST /MYORGANISATION/myapp-bundle-docker.git/git-upload-pack HTTP/1.0" 200 106889739 "\" \"git/2.27.0"

SSH access logs

127.0.0.1:59694 - - [19/Sep/2022:16:58:33 +0300] "GET /api/internal/serv/command/5/myorganisation/myapp-bundle-docker?mode=1&verb=git-upload-pack HTTP/1.1" 200 217 "\" \"GiteaServer"
127.0.0.1:59730 - - [19/Sep/2022:16:58:53 +0300] "POST /api/internal/ssh/5/update/5 HTTP/1.1" 200 7 "\" \"GiteaServer"

Screenshots

No response

Git Version

2.27.0

Operating System

RHEL 8

How are you running Gitea?

We are running " gitea-1.17.2-linux-amd64 " as a systemd service.

Database

SQLite

[szsahin]

Router logs also suffering from similar problem, IP information is seen as 127.0.0.1

HTTP router logs

2022/09/19 16:56:32 [63287510] router: completed GET /MYORGANISATION/myapp-bundle-docker.git/info/refs?service=git-upload-pack for 10.100.7.45:0, 401 Unauthorized in 1.6ms @ repo/http.go:532(repo.GetInfoRefs)
2022/09/19 16:56:32 [63287510-2] router: completed GET /MYORGANISATION/myapp-bundle-docker.git/info/refs?service=git-upload-pack for 10.100.7.45:0, 401 Unauthorized in 17.9ms @ repo/http.go:532(repo.GetInfoRefs)
2022/09/19 16:56:40 [63287518] router: completed GET /MYORGANISATION/myapp-bundle-docker.git/info/refs?service=git-upload-pack for 10.100.7.45:0, 200 OK in 27.7ms @ repo/http.go:532(repo.GetInfoRefs)
2022/09/19 16:56:44 [63286d42-52] router: slow      POST /MYORGANISATION/myapp-bundle-docker.git/git-upload-pack for 10.100.7.45:0, elapsed 3722.6ms @ repo/http.go:492(repo.ServiceUploadPack)
2022/09/19 16:57:00 [63287518-3] router: completed POST /MYORGANISATION/myapp-bundle-docker.git/git-upload-pack for 10.100.7.45:0, 200 OK in 20083.2ms @ repo/http.go:492(repo.ServiceUploadPack)

SSH router logs

2022/09/19 16:58:33 [63287589] router: completed GET /api/internal/serv/command/5/myorganisation/myapp-bundle-docker?mode=1&verb=git-upload-pack for 127.0.0.1:59694, 200 OK in 3.1ms @ private/serv.go:81(private.ServCommand)
2022/09/19 16:58:54 [6328759d] router: completed POST /api/internal/ssh/5/update/5 for 127.0.0.1:59730, 200 OK in 14.6ms @ private/key.go:18(private.UpdatePublicKeyInRepo)

[techknowlogick]

You are looking at internal API calls, which are made from the Gitea process itself hence the 127.0.0.1 showing up. SSH has a non-router logger you can refer to if you wish to use fail2ban or some such, although I suspect you are using opensshd which 100% doesn't have an x-forwarded-for http header (as it isn't http but triggers a local binary), if that is indeed the case you would need to refer to opensshd for IP information as it is not passed to Gitea so we would be unable to log it.