Login records in wtmp for ssh as tty
Ondrej.Rajmon at cuzk.cz
Ondrej.Rajmon at cuzk.cz
Mon Jun 20 22:54:38 EST 2011
Hello,
after update my sshd to openssh-5.8_p2 (Linux Gentoo) I stated, that all ssh login (that open terminal session) causes writing of 2 records to a wtmp log. For example:
user1 pts/4 gw.testdom.net Mon Jun 20 13:33 still logged in
user1 ssh gw.testdom.net Mon Jun 20 13:33 - 13:38 (00:05)
The first one is a standard record which appears only if a terminal session is opened.
The second one is new (at least for me). It appears always, regardless of the type of ssh session (with or without terminal). I would highly appreciate such feature because I want to see all logged in user even if they are just forwarding ports to another target, so they do not open a terminal session. But what I don't understand is behavior of that second record. It gets closed in a few minutes, spontaneously. The few minutes is usually something between 1 and 30 but can be more than 60, too. So this second record give a knowledge about established sessions, but doesn't reflect their real duration.
My questions are:
1) Is such behavior correct?
2) Why the second record is closed automatically regardless of the real session duration?
3) What the timeout for the record closing depends on? Can I influence that?
Ondrej
More information about the openssh-unix-dev
mailing list