UseLogin yes and 'w': IP address used
Pekka Savola
pekkas at netcore.fi
Wed Aug 9 20:30:03 EST 2000
> > There are actually two problems here, I think. 'w' showing the IP address
> > and logins getting double recorded.
>
> The 'w' issue looks deliberate - OpenSSH passes the IP address to login(1)
> presumably because hostnames are lest trustworthy than addresses.
The more I think about this, the more I feel this should be
configurable. I'm not sure if it's login(1)'s job to do DNS lookups.
Perhaps there should be a compile-time option to toggle this behaviour
on/off, or something in sshd_config?
It's not as if login(1) does that much using hostname or IP address. Just
log it in [uw]tmp, etc. AFAIK. All the checks have already been done in
OpenSSH.
Almost all systems I have seen print hostnames with w(1). Should OpenSSH
change this behaviour if UseLogin is enabled?
This is one of these useability vs little more security issues I guess.
--
Pekka Savola "Tell me of difficulties surmounted,
Pekka.Savola at netcore.fi not those you stumble over and fall"
More information about the openssh-unix-dev
mailing list