ssh 4.x using aix 5.3 auditing
Ryan Robertson
r3r2 at yahoo.com
Thu Jan 11 08:56:03 EST 2007
I'm still a bit confused as to how control-d is interpreted in ssh vs telnet. The only thing I can figure is that telnet traps control-d as User_Exit or USER_Logout and ssh interprets it as EOF. If EOF is triggered, then the auditing subsystem doesnt care.
The 'logout' command is only affected if you are NOT logged into the console.
====================
test_citi:/root # grep UseLogin /usr/etc/sshd_config
UseLogin no
test_citi:/root # tty
/dev/pts/0
test_citi:/root # logout
3004-065 You must be on the login terminal.
test_citi:/root #
======================
test_citi:/root # grep UseLogin /usr/etc/sshd_config
UseLogin no
test_citi:/root # tty
/dev/vty0
test_citi:/root # logout
=============
In order to trigger the auditing subsystem, I have to do the following:
add 'set -o ignoreeof'' in /etc/profile
change UseLogin to "yes". this is due to the tty issue listed above.
-Thanks,
Ryan
____________________________________________________________________________________
Want to start your own business?
Learn how on Yahoo! Small Business.
http://smallbusiness.yahoo.com/r-index
More information about the openssh-unix-dev
mailing list