SSH and forced wtmp entries ...
Jim Knoble
jmknoble at jmknoble.cx
Tue May 8 16:33:17 EST 2001
Circa 2001-May-08 08:02:04 +0200 dixit Randolf Skerka:
: On Mon, May 07, 2001 at 03:03:03PM +0200, Markus Friedl wrote:
: > try to use
: > ssh -t host command
: >
: > is this ok?
:
: No, doesn't work, tried it before :-(
:
: > why do you need wtmp? ssh just emulates the
: > traditional rsh/rlogin behaviour. wtmp gets
: > updated only if you allocate a tty.
: >
: > every login is registered in /var/log/authlog
:
: Well, wtmp is available on all platforms. HP-UX does not have a
: /var/log/authlog for example.
I think what Markus meant is that sshd logs all logins via syslogd,
via the 'auth' facility, unless you've explicity configured it not to.
: Why I need it? Simple, if somebody enters "ssh worldserver rm -rf /" I
: would like to know who did it ... ok, bad example rm will remove wtmp
: too but I think you know what I mean, right?
If you're worried about someone being able to do that, then you have
granted too much authority to people you don't trust.
--
jim knoble | jmknoble at jmknoble.cx | http://www.jmknoble.cx/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 249 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010508/f400f619/attachment.bin
More information about the openssh-unix-dev
mailing list