bug in lastlog logging?
Rip Loomis
loomisg at cist.saic.com
Fri Jul 28 05:31:39 EST 2000
Henry--
Frequently, the login name that shows up in logs
and such is the first account listed in /etc/passwd
with the correct UID. I've personally seen this
in a lot of other cases, although not specifically
with OpenSSH.
One of the steps we normally do when hardening a
system is to ensure that no two accounts have the
same UID--essentially, there is always a better
solution.
Not 100% sure if this is what is causing the
symptom you're seeing, but it sure sounds like
it. I think the answer is "Hey doc...it hurts
when I do this!" "Well, then don't do that any
more."
Rip Loomis Voice Number: (410) 953-6874
--------------------------------------------------------
Security Engineer
Center for Information Security Technology
Science Applications International Corporation
http://www.cist.saic.com
-----Original Message-----
From: owner-openssh-unix-dev at mindrot.org
[mailto:owner-openssh-unix-dev at mindrot.org]On Behalf Of Henry E. Thorpe
Sent: Thursday, July 27, 2000 3:08 PM
To: openssh-unix-dev at mindrot.org
Subject: bug in lastlog logging?
Folks;
I couldn't find anything on my archive of the mailing list on this,
and it may just be my mis-understanding, but:
When I "ssh machine1 -l user1" as user2 on machine2, if user2 has the
same uid on machine1, then user2's name ends up in lastlog, instead of
user1's.
This is a bit disconcerting when user2 is root, and root isn't allowed
to remotely log in on machine1.
I haven't dived into the code yet? Is the bug in openssh, or my
understanding?
This is with machine1 running openssh-2.1.1p1 under RedHat Linux 6.2,
and machine2 being either openssh-2.1.0p2 on RedHat Linux 6.0, "SSH
Version 1.2.26 [i386-unknown-freebsd3.1], protocol version 1.5" on
FreeBSD 3.1-RELEASE, or openssh-2.1.1p2 on Sparc/Solaris 2.6.
Please slap me if this is of no import.
--
____________________________________________________________
Henry E. Thorpe
AT&T Labs WorldNet Hosting Planning and Development
thorpe at lynxhub.att.com
More information about the openssh-unix-dev
mailing list