SSH and forced wtmp entries ...
Andrew Bartlett
abartlet at pcug.org.au
Fri May 11 14:10:45 EST 2001
Markus Friedl wrote:
>
> On Wed, May 09, 2001 at 08:35:01PM +0200, Krzysztof Oledzki wrote:
> >
> >
> > On Mon, 7 May 2001, Markus Friedl wrote:
> >
> > > try to use
> > > ssh -t host command
> > >
> > > is this ok?
> > >
> > > why do you need wtmp? ssh just emulates the
> > > traditional rsh/rlogin behaviour. wtmp gets
> > > updated only if you allocate a tty.
> > >
> > > every login is registered in /var/log/authlog
> >
> > I have got another idea - maybe it would be more useable to log info
> > about user, that logged in without tty, into wtmp like it does wu-ftpd
> > (and probably others ftp servers) - it adds an entry like:
> >
> > moon ftp pe16.warszawa.ad Tue Apr 3 12:34 - 21:53 (09:19)
>
> why abuse lastlog? why not use /var/log/authlog?
Becouse by doing so, all logins are recorded in one place, the date and
time of BOTH login and logout are noted on a single line and a simple
'w' can tell you who is logged in and from where. Logging in utmp and
wtmp makes tracking use/abuse of your system much easier if you know
that all logins are in one file, and in a format that is easy to see and
understand.
Furthermore, logouts currently are not recorded in /var/log/authlog, and
PAM sessions (which I was using for this purpose, at least it records
the logout) don't function in 2.9p1 (patch attached).
--
Andrew Bartlett
abartlet at pcug.org.au
-------------- next part --------------
--- openssh-2.9p1/session.c.old Sun May 6 22:26:54 2001
+++ openssh-2.9p1/session.c Sun May 6 22:27:53 2001
@@ -496,6 +496,7 @@
session_proctitle(s);
#if defined(USE_PAM)
+ do_pam_session(s->pw->pw_name, NULL);
do_pam_setcred(1);
#endif /* USE_PAM */
More information about the openssh-unix-dev
mailing list