[Bug 3965] New: SSH sessions not recorded in utmp/utmpx on non-PAM systems (OpenSSH 9.x regression)

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat May 30 23:14:41 AEST 2026 

https://bugzilla.mindrot.org/show_bug.cgi?id=3965

            Bug ID: 3965
           Summary: SSH sessions not recorded in utmp/utmpx on non-PAM
                    systems (OpenSSH 9.x regression)
           Product: Portable OpenSSH
           Version: 9.8p1
          Hardware: amd64
                OS: Other
            Status: NEW
          Severity: major
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: cary.lewis at gmail.com

Product: Portable OpenSSH
  Version: 9.8p1 (likely affects all 9.x)
  Regression from: 8.5p1

  Description:

  On non-PAM systems (tested on SCO OpenServer 5.0.7), SSH sessions no
longer appear in who/who -u after upgrading from
  8.5p1 to 9.8p1. Telnet sessions are unaffected.

  Root cause:

  In 8.5p1, session.c recorded logins and logouts inside if
(!use_privsep) guards:

  /* do_login() */
  if (!use_privsep)
      record_login(pid, s->tty, pw->pw_name, pw->pw_uid, ...);

  /* session_pty_cleanup() */
  PRIVSEP(session_pty_cleanup2(s));  /* calls record_logout when
!use_privsep */

  When use_privsep was removed in 9.x (privsep became unconditional),
these blocks were deleted with no replacement for
  non-PAM platforms. On PAM systems this is fine because pam_session
handles utmp recording. On non-PAM systems nothing
  records the login or logout.

  The monitor path (mm_record_login in monitor.c) is not called on this
platform because mm_answer_pty is never reached
  — the session child allocates the pty directly since it runs as root.

  Fix: Two additions to session.c:

  /* In do_login(), after getpeername block: */
  record_login(getpid(), s->tty, s->pw->pw_name, s->pw->pw_uid,
      session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),
      (struct sockaddr *)&from, fromlen);

  /* In session_pty_cleanup(), before mm_session_pty_cleanup2(): */
  if (s->pid != 0 && s->tty[0] != '\0')
      record_logout(s->pid, s->tty, s->pw->pw_name);

  The session child runs as root at both call sites, so pututxline()
succeeds.

Note: I confirmed this issue on SCO 5.0.7 but I believe the same issue
would affect any non-PAM OpenSSH build.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list