I've noticed rather strange wtmp logging behavior in sshd. Can anyone
confirm or solve the following:

Once a user authenticates themself to sshd, sshd among other things
records the login in the wtmp, which `last` reads. However, sshd
logs hostnames which are longer than 16 characters instead of IPs
like normal programs would. As a result, I have useless entries
such as:

    tempest ttyp4 1cust126.tnt5.ta Sat Mar 11 22:33 - 14:03 (15:29)

which there is no way of telling what IP that was from.

One option I found was using the UseLogin option, where openssh
authenticates via login(1). This would work correctly but the wtmp
logging was awkward:

    tempest ttyp4 63.10.229.126 Sat Mar 11 22:33 - 14:03 (15:29)
    tempest ttyp4 1cust126.tnt5.ta Sat Mar 11 22:33 still logged in

Instead of only login(1) making the entry, both login(1) and sshd did.
However, login(1) logged it correctly (via only the IP) but sshd also
logged it, incorrectly, and didn't 'log the user off' properly.

How can I make sshd log via ONLY login(1) w/o sshd re-logging the event,
OR
How can I make sshd do the logging properly (not logging hostnames that
get cut off)?

The OpenSSH version I'm working with is 1.2.2 on a FreeBSD system.

Thanks in advance.

Regards,
Alex

On Fri, 31 Mar 2000, Alex wrote:

> I've noticed rather strange wtmp logging behavior in sshd. Can anyone
> confirm or solve the following:
>
> Once a user authenticates themself to sshd, sshd among other things
> records the login in the wtmp, which `last` reads. However, sshd
> logs hostnames which are longer than 16 characters instead of IPs
> like normal programs would. As a result, I have useless entries
> such as:

OpenSSH logs both hostname and IP address if your wtmp supports it.
Under RedHat Linux I can get the IP addresses using "last -i".

If you would prefer IP addresses being logged instead of hostname, you
may want to hack on login.c. grep for ut_host and ut_addr.

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)
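
The truncation discussed above, next to one way of falling back to the IP address when the hostname does not fit the host field. This is an added example, not code from this thread or from OpenSSH's login.c: `struct host_record` and the three functions are hypothetical, the 16-byte width is taken from the cut-off the thread reports, and the hostname and IP are constructed samples.

```c
#include <stdio.h>
#include <string.h>
#define HOST_FIELD 16  /* host field width, from the 16-character cut-off in the thread */

/* Hypothetical record: fixed-width field, not NUL-terminated when full. */
struct host_record { char host[HOST_FIELD]; };

/* Naive fill: a hostname longer than the field is silently cut off. */
void fill_truncating(struct host_record *r, const char *hostname)
{
    size_t n = strlen(hostname);
    memset(r->host, 0, sizeof r->host);
    memcpy(r->host, hostname, n < sizeof r->host ? n : sizeof r->host);
}

/* Store the hostname only if it fits whole, otherwise the IP string.
 * Returns 1 (hostname stored), 0 (IP stored) or -1 (neither fits). */
int fill_with_fallback(struct host_record *r, const char *hostname, const char *ip)
{
    const char *pick = NULL;
    memset(r->host, 0, sizeof r->host);
    if (hostname != NULL && strlen(hostname) <= sizeof r->host) pick = hostname;
    else if (ip != NULL && strlen(ip) <= sizeof r->host) pick = ip;
    if (pick == NULL) return -1;
    memcpy(r->host, pick, strlen(pick));
    return pick == hostname;
}

/* Copy the field into a NUL-terminated buffer for display. */
const char *field_to_string(const struct host_record *r, char *buf, size_t buflen)
{
    size_t n;
    for (n = 0; n < sizeof r->host && n + 1 < buflen && r->host[n] != '\0'; n++)
        buf[n] = r->host[n];
    buf[n] = '\0';
    return buf;
}

int main(void)
{
    struct host_record r; char buf[HOST_FIELD + 1];
    const char *name = "host126.dialup.example.net";  /* constructed sample */
    const char *ip = "192.0.2.126";                   /* constructed sample */
    fill_truncating(&r, name);
    printf("naive:    %s\n", field_to_string(&r, buf, sizeof buf));
    fill_with_fallback(&r, name, ip);
    printf("fallback: %s\n", field_to_string(&r, buf, sizeof buf));
    return 0;
}
```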

Hello

I have openssh 1.2.3, openssl 0.9.5 and slackware 4.0, and problem
with logging to wtmp. There is nothing in my /var/log/wtmp when I
log in using ssh. lastlog is updated ok.

Some ideas?

Bye

On Fri, 31 Mar 2000, Bosko Radivojevic wrote:

> Hello
>
> I have openssh 1.2.3, openssl 0.9.5 and slackware 4.0, and problem
> with logging to wtmp. There is nothing in my /var/log/wtmp when I
> log in using ssh. lastlog is updated ok.

wtmp logging has been broken on the older Slackwares for a while, but
I have not been able to replicate it.

Have a look at contrib/README and give liblogin a try.

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)

On Sat, 1 Apr 2000, Damien Miller wrote:

> wtmp logging has been broken on the older Slackwares for a while, but
> I have not been able to replicate it.

On RedHat 6.1 (for SPARC) wtmp logging is ok. On Slackware 7.0, wtmp
logging is also broken.

> Have a look contrib/README and give liblogin a try.

I will. Thanx.

Greetings,
Bole