Chris Taylor
2005-Jul-20 09:04 UTC
AIX 5.1 /etc/security/failedlogin entry with OpenSSH 4.1p1
Hello

I've downloaded OpenSSH 4.1p1 from the portable openssh web pages...
Compiled it up for an AIX 5.1 host (with latest IBM maintenance patches
applied) using defaults in all cases.

When doing a successful SSH authentication it places an entry into
/etc/security/failedlogin
as well as /var/adm/wtmp

I've also tried adding "UseLogin yes" to the sshd_config
PAM ISN'T configured (in fact sshd says the UsePAM option in the config
file is illegal)

None of the other "access methods", for instance telnet add a
failedlogin entry unless the user fails a password challenge.

Is this a bug?

Attached below is the "script"...

Thanks...

-Chris

================================================================================================
Script command is started on Wed Jul 20 09:56:11 BST 2005.
# ssh localhost -l root
root@localhost's password:
*******************************************************************************
*                                                                             *
*                                                                             *
*  Welcome to AIX Version 5.1!                                                *
*                                                                             *
*                                                                             *
*  Please see the README file in /usr/lpp/bos for information pertinent to    *
*  this release of the AIX Operating System.                                  *
*                                                                             *
*                                                                             *
*******************************************************************************
1 unsuccessful login attempt since last login.
Last unsuccessful login: Wed Jul 20 09:56:25 BST 2005 on ssh from localhost
Last login: Wed Jul 20 09:50:59 BST 2005 on /dev/pts/5 from x.x.x.x

# cd /etc/security
# /usr/sbin/acct/fwtmp < failedlogin
root ssh 7 21704 0000 0000 1121849785 localhost Wed Jul 20 09:56:25 BST 2005
# /usr/sbin/acct/fwtmp < /var/adm/wtmp
root pts/7 pts/7 7 15394 0000 0000 1121849788 localhost Wed Jul 20 09:56:28 BST 2005
root pts/7 pts/7 7 15394 0000 0000 1121849788 localhost Wed Jul 20 09:56:28 BST 2005
# Connection to localhost closed.
#
Script command is complete on Wed Jul 20 09:57:01 BST 2005.
=================================================================================================
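Added example, not part of the original post: one way to check how many failedlogin records are of the kind shown in the script above, by pairing each fwtmp failure record with a wtmp login for the same user and host a few seconds later. The field layout is inferred from the two fwtmp samples in the post, the 5-second window and all function names are assumptions, and the second failedlogin line is constructed.

```python
# Added example (not from the thread). Field layout is inferred from the two
# fwtmp samples in the post and is an assumption:
#   user [id] line type pid exit_term exit_status epoch [host] <6-token date>
from collections import namedtuple

Rec = namedtuple("Rec", "user line type pid epoch host")
USER_PROCESS = 7  # utmp record type seen in both samples

def parse_fwtmp(text):
    """Parse whitespace-collapsed fwtmp output, reading fields from the right
    because the id column (and possibly host) can be empty."""
    recs = []
    for raw in text.splitlines():
        body = raw.split()[:-6]          # drop the human-readable date
        if len(body) < 7:
            continue
        # If the last field is a bare epoch, the host column was empty.
        host = "" if body[-1].isdigit() and len(body[-1]) >= 9 else body.pop()
        head, (rtype, pid, _term, _status, epoch) = body[:-5], body[-5:]
        if len(head) < 2 or not (rtype.isdigit() and pid.isdigit() and epoch.isdigit()):
            continue
        recs.append(Rec(head[0], head[-1], int(rtype), int(pid), int(epoch), host))
    return recs

def failures_followed_by_login(failed, wtmp, window=5):
    """Pair each failure with the first USER_PROCESS login for the same user
    and host that starts 0..window seconds after it (window is an assumption)."""
    pairs = []
    for f in failed:
        for w in wtmp:
            if (w.type == USER_PROCESS and w.user == f.user and w.host == f.host
                    and 0 <= w.epoch - f.epoch <= window):
                pairs.append((f, w))
                break
    return pairs

# First failedlogin line and both wtmp lines are copied from the post;
# the second failedlogin line is constructed (no login follows it).
FAILEDLOGIN = """\
root ssh 7 21704 0000 0000 1121849785 localhost Wed Jul 20 09:56:25 BST 2005
root ssh 7 20110 0000 0000 1121849000 198.51.100.7 Wed Jul 20 09:43:20 BST 2005
"""
WTMP = """\
root pts/7 pts/7 7 15394 0000 0000 1121849788 localhost Wed Jul 20 09:56:28 BST 2005
root pts/7 pts/7 7 15394 0000 0000 1121849788 localhost Wed Jul 20 09:56:28 BST 2005
"""

if __name__ == "__main__":
    for f, w in failures_followed_by_login(parse_fwtmp(FAILEDLOGIN), parse_fwtmp(WTMP)):
        print(f"{f.user}@{f.host}: failure at {f.epoch}, login on {w.line} at {w.epoch}")
```

Failures left unpaired are the ones worth treating as real failed attempts when failedlogin feeds an alert.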
Darren Tucker
2005-Jul-20 09:25 UTC
AIX 5.1 /etc/security/failedlogin entry with OpenSSH 4.1p1
Chris Taylor wrote:
> I've downloaded OpenSSH 4.1p1 from the portable openssh web pages...
> Compiled it up for an AIX 5.1 host (with latest IBM maintenance patches
> applied) using defaults in all cases.
>
> When doing a successful SSH authentication it places an entry into
> /etc/security/failedlogin
> as well as /var/adm/wtmp
>
> I've also tried adding "UseLogin yes" to the sshd_config
> PAM ISN'T configured (in fact sshd says the UsePAM option in the config
> file is illegal)
>
> None of the other "access methods", for instance telnet add a
> failedlogin entry unless the user fails a password challenge.
>
> Is this a bug?

Possibly but I'm not sure. Does the same thing happen if you set
"PermitEmptyPasswords no" in sshd_config? If that helps I'll explain...

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.