Jeff_Traigle
Honored Contributor

Determine protocol for login

I know someone asked something similar to this a month or two ago, but I haven't been able to find the thread and the answers, as I recall, weren't complete. The last command gives most of the information, though distinguishing between ssh, login (rlogin), and shell (remsh) appears to require confirming in syslog which it was. Sshd will have definite entries there. Login will also if you have -l option on inetd. Shell appears to not log to syslog even with the -l option on inetd. Sftp isn't logged to wtmp, however, so last does not see these logins. Is there a way to get these logins logged to wtmp also? (I'm guessing if there is, it's in sshd_config, but nothing jumped out at me as the answer.)

Also, how does dtlogin log accesses? Is it distinguishable from any of the other login methods?
--
Jeff Traigle
Steven E. Protter
Exalted Contributor

Re: Determine protocol for login

Shalom Jeff,

If sftp is done after exchanging public keys, the key exchange will show up in syslog.

Though it varies product to product, many daemons configured in inetd can use -l enhanced logging.

Interestingly enough my sshd logins do show up in syslog and all I did was change the inetd run parameter to add -l.

At least that's all I remember doing.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Sandman!
Honored Contributor

Re: Determine protocol for login

Jeff,

ssh can be configured to log access to syslog through the sshd_config file, and the logging is controlled by two parameters, i.e. SyslogFacility and LogLevel. The defaults (which can be customized) are:

#SyslogFacility AUTH
#LogLevel INFO

Hope it helps!
Jeff_Traigle
Honored Contributor

Re: Determine protocol for login

Yes. Those are the default settings. I notice, however, that while the ssh connections are logged to both syslog and wtmp, sftp connections are only logged to syslog. In trying to determine how the accesses are being made, I was hoping to make things a bit easier by being able to use last to get the last access timestamp and origin and then determine through syslog what protocol was actually used since only telnet, rexec, and ftp are uniquely identified by last. Since sftp isn't logging to wtmp, it makes things a bit more complicated to determine the protocol of the last system access.
--
Jeff Traigle
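
The syslog half of the correlation discussed in this thread, as an added example that is not part of any poster's reply: it separates interactive ssh logins from sftp sessions, which never reach wtmp. The function names, the sample log lines and the message wording (OpenSSH's "Accepted ..." and "subsystem request for sftp" at LogLevel INFO) are assumptions to check against the local sshd build.

```shell
#!/bin/sh
# Added example, not from the thread. All log lines below are constructed.
# Assumption: one session's "Accepted" and "subsystem request for sftp"
# messages carry the same sshd PID; confirm on your sshd build.

sample_syslog() {
cat <<'EOF'
Mar 12 09:01:10 hpbox sshd[2101]: Accepted publickey for jeff from 10.0.0.5 port 51234 ssh2
Mar 12 09:05:44 hpbox sshd[2150]: Accepted password for sandy from 10.0.0.9 port 40022 ssh2
Mar 12 09:05:45 hpbox sshd[2150]: subsystem request for sftp
Mar 12 09:07:00 hpbox inetd[812]: login/tcp: Connection from 10.0.0.7 (10.0.0.7) at Mon Mar 12 09:07:00 2007
Mar 12 09:09:13 hpbox sshd[2188]: Failed password for root from 10.0.0.66 port 40100 ssh2
EOF
}

# Reads syslog on stdin; prints "timestamp user origin protocol" per accepted login.
classify_sshd_sessions() {
    awk '
    / sshd\[[0-9]+\]: / {               # pull the PID out of the sshd[PID]: tag
        pid = $0
        sub(/^.* sshd\[/, "", pid)
        sub(/\].*$/, "", pid)
    }
    / sshd\[[0-9]+\]: Accepted / {
        s = ++n                         # new session record; handles PID reuse
        cur[pid] = s
        when[s] = $1 " " $2 " " $3
        proto[s] = "ssh"                # stays ssh unless sftp is requested
        for (i = 1; i < NF; i++) {
            if ($i == "for")  user[s] = $(i + 1)
            if ($i == "from") origin[s] = $(i + 1)
        }
        next
    }
    / sshd\[[0-9]+\]: subsystem request for sftp/ {
        if (pid in cur) proto[cur[pid]] = "sftp"
    }
    END {
        for (s = 1; s <= n; s++) print when[s], user[s], origin[s], proto[s]
    }'
}

sample_syslog | classify_sshd_sessions
```

Rows marked ssh should have a matching entry in last output for the same user and origin; rows marked sftp are the accesses that last cannot show.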