On Tue, Apr 4, 2023 at 6:10?AM Damien Miller <djm at mindrot.org>
wrote:>
> On Tue, 4 Apr 2023, Nico Kadel-Garcia wrote:
>
> > > We've been asked about this a number of times before - the
problem is
> > > that utmp is really set up to record interactive logins that have
a
> > > TTY/PTY assigned. There is AFAIK no real standard for recording
> > > "service logins" (e.g. sftp or SSH command execution
w/o TTY) in utmp
> > > and many OS utmp implementation lack fields by which this could
be
> > > communicated.
> > >
> > > IIRC we toyed with recording something fake like "sftp"
in ut_line
> > > but that caused problems as none of the other tools were set up
to
> > > accept it.
> >
> > sftp has some awkward limitations, as does scp. It's why I prefer
were
> > possible to use rsync-over-SSH, and we can restrict the rsync options
> > quite heavily. It's even possible to chroot wrap, though that
toolkit
> > has not been well maintained.
>
> rsync doesn't solve the problem being presented here, as it runs
without
> a PTY and so never ends up being recorded in utmp either.
rsync over SSH can be configured in sshd_config to record the use of
public SSH keys. I don't normally set up such a restricted service on
the standard SSH daemon or the standard SSH port, mostly to keep the
logs very distinct.