SSH and forced wtmp entries ...
Markus Friedl
markus.friedl at informatik.uni-erlangen.de
Wed May 9 05:13:23 EST 2001
On Tue, May 08, 2001 at 08:02:04AM +0200, Randolf Skerka wrote:
> On Mon, May 07, 2001 at 03:03:03PM +0200, Markus Friedl wrote:
> > try to use
> > ssh -t host command
> >
> > is this ok?
>
> No, doesn't work, tried it before :-(

-t allocates a tty and adds user to lastlog. so what's wrong?
if it does not add the user, then it's a bug.

> > why do you need wtmp? ssh just emulates the
> > traditional rsh/rlogin behaviour. wtmp gets
> > updated only if you allocate a tty.
> >
> > every login is registered in /var/log/authlog
>
> Well, wtmp is available on all platforms. HP-UX does not have a
> /var/log/authlog for example.

this does not depend on the OS but on syslog.conf and
sshd_config, but this is not my point.

> Why I need it? Simple, if somebody enters "ssh worldserver rm -rf /" I
> would like to know who did it ... ok, bad example rm will remove wtmp
> too but I think you know what I mean, right?
>
> Yesterday I've looked into the source but it's a bit too complex for me
> to support a patch. I think we do not need a correct tty entry, we could
> use a faked one. It's important to have the hostname, username, date and
> time. It's correct, rsh/rlogin does not update wtmp in that case, but
> wouldn't OpenSSH be better ;-)

this is logged in wherever syslogd puts the SyslogFacility
from sshd_config.

-m
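
Added example (not part of the original message, and not OpenSSH code): a small Python parser that recovers the hostname, username, date and time asked for above from sshd's syslog output, and lists the logins that have no wtmp counterpart because no tty was allocated. The log lines, the "Accepted <method> for <user> from <host> port <n>" message layout they follow, the wtmp pairs and the function names are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in classic BSD syslog format; names and addresses are made up.
SAMPLE_LOG = """\
May  8 08:01:12 worldserver sshd[4211]: Accepted password for randolf from 192.0.2.10 port 1022 ssh2
May  8 08:01:40 worldserver sshd[4302]: Failed password for root from 198.51.100.7 port 4431 ssh2
May  8 08:02:04 worldserver sshd[4318]: Accepted publickey for backup from 192.0.2.25 port 50122 ssh2
May  8 08:02:30 worldserver su: randolf to root on /dev/ttyp1
"""

ACCEPTED = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<server>\S+) "
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+)"
)

def accepted_logins(text, year):
    """Return one dict per successful sshd authentication found in text.

    BSD syslog timestamps carry no year, so the caller supplies it.
    """
    logins = []
    for line in text.splitlines():
        m = ACCEPTED.match(line)
        if not m:
            continue  # failed attempts and other daemons are ignored
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        logins.append({"when": when, "server": m["server"], "user": m["user"],
                       "src": m["src"], "method": m["method"]})
    return logins

def missing_from_wtmp(logins, wtmp_pairs):
    """Logins with no (user, source) pair in wtmp, e.g. 'ssh host command'
    sessions that never allocated a tty. A coarse match: it ignores times."""
    return [l for l in logins if (l["user"], l["src"]) not in wtmp_pairs]

if __name__ == "__main__":
    found = accepted_logins(SAMPLE_LOG, 2001)
    # Constructed stand-in for what `last` would report from wtmp.
    wtmp = {("randolf", "192.0.2.10")}
    for l in missing_from_wtmp(found, wtmp):
        print(l["when"].isoformat(), l["user"], l["src"], l["method"])
```

Forwarding the same syslog facility to a separate log host keeps these records out of reach of a command run on the server itself.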