Re: OpenSSH, AIX and lastlog

From: Darren Tucker (dtucker@dodgy.net.au)
Date: 12/06/02


From: dtucker@dodgy.net.au (Darren Tucker)
Date: Fri, 06 Dec 2002 01:14:50 GMT

In article <9f303a71.0212051315.702196aa@posting.google.com>,
Steve Bassler <sbassle@alleghenyenergy.com> wrote:
>OpenSSH 3.4 is not making entries of any kind in the lastlog file.
[snip]

IBM changed the format of the wtmp entries between 4.x and 5.x for some
reason. This means that sshd compiled on AIX 4.x will not update wtmp
when run on 5.x; this may include lastlog.

Were your binaries compiled on AIX 4?

>I cannot find lastlog.h on my system (AIX 5.1). Do I need this file
>to enable lastlog processing? If so, where can I find it?

Updating of /etc/security/lastlog is done by the loginsuccess library
call on AIX which sshd uses.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

