anomalous wtmp logging bug
Alex
alex at forbin.diebold.net
Fri Mar 31 18:31:19 EST 2000
I've noticed rather strange wtmp logging behavior in sshd. Can anyone
confirm or solve the following:
Once a user authenticates themselves to sshd, sshd among other things
records the login in the wtmp, which `last` reads. However, sshd logs
hostnames which are longer than 16 characters instead of IPs like normal
programs would. As a result, I have useless entries such as:

tempest ttyp4 1cust126.tnt5.ta Sat Mar 11 22:33 - 14:03 (15:29)

for which there is no way of telling what IP that was from.
One option I found was using the UseLogin option, where openssh
authenticates via login(1). This would work correctly but the wtmp
logging was awkward:

tempest ttyp4 63.10.229.126 Sat Mar 11 22:33 - 14:03 (15:29)
tempest ttyp4 1cust126.tnt5.ta Sat Mar 11 22:33 still logged in

Instead of only login(1) making the entry, both login(1) and sshd did;
however, login(1) logged it correctly (via only the IP) but sshd also
logged it, incorrectly, and didn't 'log the user off' properly.
How can I make sshd log via ONLY login(1) w/o sshd re-logging the event,
OR how can I make sshd do the logging properly (not logging hostnames that
get cut off)? The OpenSSH version I'm working with is 1.2.2 on a FreeBSD
system. Thanks in advance.
Regards,
Alex
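
The behaviour the post asks for (never store a cut-off hostname, record the numeric address instead) can be sketched as below. This is an added example, not code from OpenSSH or from the post; the 16-byte field width is taken from the post's observation, and the function name, hostnames and addresses are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed width: the post reports a 16-character host field in wtmp.
 * Code writing real records would use sizeof(ut.ut_host) instead. */
#define HOST_FIELD_LEN 16

/*
 * Fill a fixed-width, utmp-style host field (zero padded, not necessarily
 * NUL-terminated when completely full).
 * The hostname is stored only if it fits in full; otherwise the numeric
 * address is stored so the record can still be traced to its origin.
 * Returns 0 if the hostname was stored, 1 if the address was stored,
 * -1 if neither fits (field is left empty rather than truncated).
 */
int fill_host_field(char field[HOST_FIELD_LEN],
                    const char *hostname, const char *addr)
{
    memset(field, 0, HOST_FIELD_LEN);
    if (hostname != NULL && hostname[0] != '\0' &&
        strlen(hostname) <= HOST_FIELD_LEN) {
        memcpy(field, hostname, strlen(hostname));
        return 0;
    }
    if (addr != NULL && addr[0] != '\0' &&
        strlen(addr) <= HOST_FIELD_LEN) {
        memcpy(field, addr, strlen(addr));
        return 1;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample input: a reverse-DNS name longer than the field
     * and a documentation-range address (192.0.2.0/24). */
    const char *name = "dialup-host.long.example.net";
    const char *addr = "192.0.2.126";
    char field[HOST_FIELD_LEN];

    int rc = fill_host_field(field, name, addr);
    /* %.*s bounds the print because the field may lack a terminator. */
    printf("rc=%d host field=\"%.*s\"\n", rc, HOST_FIELD_LEN, field);
    return 0;
}
```

An address that does not fit either (for example a long IPv6 literal) yields -1 and an empty field, which is easier to spot in `last` output than a silently truncated value.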