anomalous wtmp logging bug

Alex alex at
Fri Mar 31 18:31:19 EST 2000

I've noticed rather strange wtmp logging behavior in sshd.  Can anyone
confirm or solve the following: 

Once a user authenticates themself to sshd, sshd among other things
records the login in the wtmp, which `last` reads.  However, sshd logs
hostnames  which are longer than 16 characters instead of IPs like normal
programs would.  As a result, I have useless entries such as:

tempest          ttyp4    1cust126.tnt5.ta Sat Mar 11 22:33 - 14:03

which there is no way of telling what IP that was from.

One option I found using was the UseLogin option, where openssh
authenticates via login(1).  This would work correctly but the wtmp
logging was awkward:

tempest          ttyp4    Sat Mar 11 22:33 - 14:03
tempest          ttyp4    1cust126.tnt5.ta Sat Mar 11 22:33   still logged

Instead of only login(1) making the entry, both login(1) and sshd did,
however login(1) logged it correctly (via only the IP) but sshd also
logged it, incorrectly, and didn't 'log the user off' properly.

How can i make sshd log via ONLY login(1) w/o sshd re-logging the event,
OR How can i make sshd do the logging properly (not logging hostnames that
get cut off). The OpenSSH version I'm working with is 1.2.2 on a FreeBSD
system. Thanks in advance.


More information about the openssh-unix-dev mailing list