SSH and forced wtmp entries ...
Randolf Skerka
Randolf-ML at Skerka.de
Mon May 14 21:42:45 EST 2001
On Fri, May 11, 2001 at 02:10:45PM +1000, Andrew Bartlett wrote:
> Furthermore, logouts currently are not recorded in /var/log/authlog, and
> PAM sessions (which I was using for this purpose, at least it records
> the logout) don't function in 2.9p1 (patch attached).
Sorry for the delay, was busy the last days ... depends on the good
weather condition ;-)
Well, authlog is quite fine and works very well. But an important point
is, that logouts are not logged. It's not possible to say how many users
are using the system lookin to one file! What are arguments not to add
the wtmp entries? I told you how easy it is for a user to hide himselve
from wtmp (ssh -l user xterm) he has an interactive shell, is logged
by authlog, ok, but it's unclear if he is logged in at this moment.
Is somebody able to apply a patch for that? I'm really quite busy, not
only because of the weather, and not able to go through the source
and make a patch for forced wtmp entries.
bye
Randolf
More information about the openssh-unix-dev
mailing list