SSH and forced wtmp entries ...

Jim Knoble jmknoble at jmknoble.cx
Tue May 8 16:33:17 EST 2001


Circa 2001-May-08 08:02:04 +0200 dixit Randolf Skerka:

: On Mon, May 07, 2001 at 03:03:03PM +0200, Markus Friedl wrote:
: > try to use
: > 	ssh -t host command 
: > 
: > is this ok?
: 
: No, doesn't work, tried it before :-(
: 
: > why do you need wtmp? ssh just emulates the
: > traditional rsh/rlogin behaviour. wtmp gets
: > updated only if you allocate a tty.
: > 
: > every login is registered in /var/log/authlog
: 
: Well, wtmp is available on all platforms. HP-UX does not have a
: /var/log/authlog for example.

I think what Markus meant is that sshd logs all logins via syslogd,
via the 'auth' facility, unless you've explicitly configured it not to.

: Why I need it? Simple, if somebody enters "ssh worldserver rm -rf /" I
: would like to know who did it ... ok, bad example rm will remove wtmp
: too but I think you know what I mean, right?

If you're worried about someone being able to do that, then you have
granted too much authority to people you don't trust.

-- 
jim knoble | jmknoble at jmknoble.cx | http://www.jmknoble.cx/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
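
The point made in the message above, that sshd reports every login through syslog's 'auth' facility whether or not a tty is allocated, shown as an added example that is not part of the original post: a shell filter that pulls sshd's "Accepted" records out of syslog output. It assumes the traditional syslog line layout; the host, users, addresses and PIDs in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Assumed line layout (traditional syslog):
#   Mon DD HH:MM:SS host sshd[pid]: Accepted <method> for <user> from <addr> port <n> ssh2

# Constructed sample of 'auth' facility output.
sample_auth_log() {
    cat <<'EOF'
May  8 08:02:04 worldserver sshd[1234]: Accepted password for randolf from 192.0.2.15 port 40122 ssh2
May  8 08:02:09 worldserver sshd[1240]: Failed password for root from 198.51.100.7 port 40200 ssh2
May  8 08:03:11 worldserver logger: Accepted password for root from 203.0.113.9 port 1 ssh2
May  8 08:05:30 worldserver sshd[1302]: Accepted publickey for jim from 192.0.2.44 port 51877 ssh2
EOF
}

# Reads syslog lines on stdin and prints one record per successful sshd login:
#   month day time host user addr method pid
ssh_logins() {
    awk '
        # Require the program tag to be exactly sshd[<pid>]: so that a message
        # written by another program with similar text is not counted.
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Accepted" && $8 == "for" && $10 == "from" {
            pid = $5
            gsub(/[^0-9]/, "", pid)      # keep only the digits of the PID
            printf "%s %s %s %s %s %s %s %s\n", $1, $2, $3, $4, $9, $11, $7, pid
        }
    '
}

# Stand-alone run over the constructed sample.
sample_auth_log | ssh_logins
```

On a real host the function would read the file that syslogd's 'auth' facility is configured to write, for example `ssh_logins < /var/log/authlog` on a system that uses that path.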