anomalous wtmp logging bug

Alex alex at forbin.diebold.net
Sun Apr 2 19:22:46 EST 2000



On Fri, 31 Mar 2000, Damien Miller wrote:

> On Fri, 31 Mar 2000, Alex wrote:
> 
> > 
> > I've noticed rather strange wtmp logging behavior in sshd.  Can anyone
> > confirm or solve the following: 
> > 
> > Once a user authenticates themself to sshd, sshd among other things
> > records the login in the wtmp, which `last` reads.  However, sshd
> > logs hostnames which are longer than 16 characters instead of IPs
> > like normal programs would.  As a result, I have useless entries
> > such as:
> 
 
Thanks for the speedy answer.  I remember posting before with no reply,
I'm glad my cries are finally heard :-)
    
> OpenSSH logs both hostname and IP address if your wtmp supports it.
> Under RedHat Linux I can get the IP addresses using "last -i". If
> you would prefer IP addresses being logged instead of hostname, 
> you may want to hack on login.c. grep for ut_host and ut_addr.

I forgot to mention the system; it's a FreeBSD system (I've upgraded it
to 4.0 from 3.3 recently, but it behaved like this already).  I checked
the man page for 'last' and there is no option to see the IP.  I assume
my wtmp logging setup doesn't support dual IP/hostname logging.  A
suggestion I have is an option to detect that and/or a configure --option
to build sshd appropriately.

In the meantime, can you suggest what changes should be made to the
source to have sshd build so that it doesn't log when Login(1) is used?
Either that or have sshd log the IP if the hostname is longer than 16
chars (probably defined in wtmp.h though).

A patch would be much more helpful (not to mention appreciated).  I don't
trust myself with modifying the source enough to post one myself.

Thanks.

> 
> -d
> 
> --
> | "Bombay is 250ms from New York in the new world order" - Alan Cox
> | Damien Miller - http://www.mindrot.org/
> | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)
> 
> 
> 
> 
> 
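
The fallback asked for in the message above (record the IP address when the hostname does not fit the 16-character host field), as an added example that is not part of the original message and is not OpenSSH's code. `fill_host_field` and `HOST_FIELD_LEN` are hypothetical names, the field width is taken from the post, and the sample hosts and addresses are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: width of the wtmp host field; the post reports 16 characters. */
#define HOST_FIELD_LEN 16

/*
 * Fill a fixed-width, wtmp-style host field. Such fields are NUL-padded and
 * hold exactly `len` bytes, so a value of exactly `len` bytes is stored
 * without a terminator. Returns 0 if the hostname was stored whole, 1 if
 * the IP address was stored instead, 2 if the value had to be truncated.
 */
int fill_host_field(char *field, size_t len, const char *hostname, const char *ip)
{
    memset(field, 0, len);
    if (hostname != NULL && hostname[0] != '\0' && strlen(hostname) <= len) {
        memcpy(field, hostname, strlen(hostname));
        return 0;
    }
    if (ip != NULL && strlen(ip) <= len) {
        memcpy(field, ip, strlen(ip));
        return 1;
    }
    /* Last resort (e.g. a long IPv6 literal): keep the leading bytes. */
    const char *src = (ip != NULL) ? ip : (hostname != NULL ? hostname : "");
    size_t n = strlen(src);
    memcpy(field, src, n < len ? n : len);
    return 2;
}

int main(void)
{
    /* Constructed sample values (documentation address range, example.net). */
    const char *hosts[] = { "gw.example.net", "dialup-203-0-113-7.pool.example.net" };
    char field[HOST_FIELD_LEN];

    for (size_t i = 0; i < 2; i++) {
        int how = fill_host_field(field, sizeof field, hosts[i], "203.0.113.7");
        /* %.*s because the field may not be NUL-terminated. */
        printf("%d %.*s\n", how, (int)sizeof field, field);
    }
    return 0;
}
```

A truncated hostname in wtmp cannot be resolved back to the connecting machine, which is why the address is the more useful value to keep once the name no longer fits.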





