sftp and utmp

[Nico Kadel-Garcia]

On Tue, Apr 4, 2023 at 6:10 AM Damien Miller <djm at mindrot.org> wrote:
>
> On Tue, 4 Apr 2023, Nico Kadel-Garcia wrote:
>
> > > We've been asked about this a number of times before - the problem is
> > > that utmp is really set up to record interactive logins that have a
> > > TTY/PTY assigned. There is AFAIK no real standard for recording
> > > "service logins" (e.g. sftp or SSH command execution w/o TTY) in utmp
> > > and many OS utmp implementation lack fields by which this could be
> > > communicated.
> > >
> > > IIRC we toyed with recording something fake like "sftp" in ut_line
> > > but that caused problems as none of the other tools were set up to
> > > accept it.
> >
> > sftp has some awkward limitations, as does scp. It's why I prefer were
> > possible to use rsync-over-SSH, and we can restrict the rsync options
> > quite heavily. It's even possible to chroot wrap, though that toolkit
> > has not been well maintained.
>
> rsync doesn't solve the problem being presented here, as it runs without
> a PTY and so never ends up being recorded in utmp either.

rsync over SSH can be configured in sshd_config to record the use of
public SSH keys. I don't normally set up such a restricted service on
the standard SSH daemon or the standard SSH port, mostly to keep the
logs very distinct.