topic Re: ssh with trust system auditing in Operating System - HP-UX

ssh with trust system auditing

hailerer — Thu, 04 Dec 2003 02:18:01 GMT

we are using HP-UX Secure Shell(A.03.61.002) on HPUX 11i OS,we have are having problems
that auditing did not record any system call
when user logined via ssh.
So does anyone have experience to use ssh with trusted system auditing?

Re: ssh with trust system auditing

Joseph Loo — Thu, 04 Dec 2003 02:34:59 GMT

I am using this version of ssh but do not experience your problem.

Please check whether audit is turn on for any user:
# audusr

or you could use SAM-> Auditing and Security.

Re: ssh with trust system auditing

hailerer — Thu, 04 Dec 2003 02:45:07 GMT

the auditing can record log rightly when I rm a file via telnet,but record nothing when I did same thing via ssh,I use the same userã

Re: ssh with trust system auditing

hailerer — Thu, 04 Dec 2003 03:45:33 GMT

when I set UseLogin=yes in sshd_config and restart sshd,the problem seems to be resolved.

Re: ssh with trust system auditing

Andrew Cowan — Fri, 05 Dec 2003 03:33:18 GMT

This behaviour is correct. SSHD spawns its own child processes and handles login directly, thus you don't get any auditing information. This happenned to me on AIX 5.1, whereby those connecting via SSH did not show up in who or last. The problem was fixed by recompling the code against the latest libraries.

When you say use_login, it does just that, and the normall auditing functions come into force.

Re: ssh with trust system auditing

Joseph Loo — Fri, 05 Dec 2003 06:31:20 GMT

I simulated this auditing problem with both ssh and telnet session and indeed gather the same result as you.

Support has informed me that this would be fix in future release, but if setting UseLogin to "yes" works, you may want to continue doing so but watch out for the next release.