/var/log/btmp logging ?

Jarno Huuskonen jhuuskon at messi.uku.fi
Mon Nov 27 20:18:15 EST 2000


Openssh doesn't log failed logins to /var/log/btmp like login does 
(if btmp exists). This is on RH6.2. 

Is there a specific reason for not logging to btmp ? 

I think that logging to btmp would be a 'good thing'(tm). What about
other unices ? Do they have /var/log/btmp or something similar (AIX has
something like that and I think openssh already logs the failed attempts).

AFAIK it wouldn't be too much work to get btmp logging to openssh. Here
are some ideas that came to mind:
- add a failure call to auth1.c and auth2.c (there's already AIX specific
- modify loginrec.c so there's a routine to write an entry to btmp
  ( propably just modify wtmp_write_entry so it can take a filename parameter
   and then add write_bad_login-function )

Is somebody interested in this kind of btmp feature ? And any chances
of getting this included in the portable version ?


Jarno Huuskonen - System Administrator   |  Jarno.Huuskonen at uku.fi
University of Kuopio - Computer Centre   |  Work:   +358 17 162822
PO BOX 1627, 70211 Kuopio, Finland       |  Mobile: +358 40 5388169

More information about the openssh-unix-dev mailing list