Bug in all versions of OpenSSH
Dan Kaminsky
dan at doxpara.com
Sun Apr 7 11:16:47 EST 2002
> On Fri, Apr 05, 2002 at 03:37:14PM -0800, Dan Kaminsky wrote:
> > As is, it's sort of embarrassing that I can evade basic system logs so
> > easily.
>
> nonsense, every successful authentication is logged in
> the system logs with syslog.

I haven't really decided how I feel about this, but I'm somewhat leaning
towards feeling that "last" should show the last n logins.

On the flip side, it absolutely should *not* show the last n individual file
transfers.

I do remember that CVS over SSH can be made much faster with something that
caches SSH sessions and runs multiple commands over them (fsh, if I remember
right). Could PrivSep be tweaked to allow this form of functionality? If
so, perhaps all the multi-session commands could be collapsed into a single
authentication to be reflected on execution of "last"...or perhaps we could
just cap how often we'd log their entries (though that sacrifices
inter-session independence, a huge no-no).

I'm not insisting on anything here -- I certainly see the validity of the
syslog approach, and we don't expect all services (apache, ftpd) to throw
things into the lastlog. But "ssh user@host /bin/bash" is a little
uncomfortably trivial.

--Dan
More information about the openssh-unix-dev
mailing list