SSH and forced wtmp entries ...
Randolf Skerka
Randolf-ML at Skerka.de
Tue May 8 16:02:04 EST 2001
On Mon, May 07, 2001 at 03:03:03PM +0200, Markus Friedl wrote:
> try to use
> ssh -t host command
>
> is this ok?
No, doesn't work, tried it before :-(
> why do you need wtmp? ssh just emulates the
> traditional rsh/rlogin behaviour. wtmp gets
> updated only if you allocate a tty.
>
> every login is registered in /var/log/authlog
Well, wtmp is available on all platforms. HP-UX does not have a
/var/log/authlog for example.
Why I need it? Simple, if somebody enters "ssh worldserver rm -rf /" I
would like to know who did it ... ok, bad example rm will remove wtmp
too but I think you know what I mean, right?
Yesterday I've looked into the source but it's a bit to complex for me
to support a patch. I think we do not need a correct tty entry, we could
use a faked one. It's important to have the hostname, username date and
time. It's correct, rsh/rlogin does not update wtmp in that case, but
wouldn't OpenSSH be better ;-)
By, would like to see a solution *smile*
Randolf
More information about the openssh-unix-dev
mailing list