HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- HP Secure Shell
Operating System - HP-UX
1830244
Members
1570
Online
110000
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-23-2003 06:36 AM
06-23-2003 06:36 AM
When using the syntax 'ssh -l ' is it possible to log the originators user name aswell as the one they are connecting as? This is so we can audit who is using a generic id.
Solved! Go to Solution.
4 REPLIES 4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-23-2003 06:48 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-23-2003 06:59 AM
06-23-2003 06:59 AM
Re: HP Secure Shell
don't allow generic ID's
put everyone's specific ID on each machine, then have them su to whatever ID they need to
put everyone's specific ID on each machine, then have them su to whatever ID they need to
It is always a good day when you are launching rockets! http://tripolioklahoma.org, Mostly Missiles http://mostlymissiles.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-23-2003 07:26 AM
06-23-2003 07:26 AM
Re: HP Secure Shell
I cannot believe that there is no way within SSH to capture this information. My problem is that I could write a C wrapper on HP-UX but most of the client connections are from PC workstations using a off-shelf package.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-23-2003 02:02 PM
06-23-2003 02:02 PM
Re: HP Secure Shell
Its never a good idea to use generic accounts, where multiple people have the same access. This is precisely for the reason you mention. However, you can trace a ssh connection back to a specific address by checking /var/adm/syslog/syslog.log. You'll see entries there like:
Jun 23 04:13:02 foo@bar.com sshd[21167]: Accepted publickey for henry from 1XX.1XX.1XX.24 port 53394 ssh2
This means that henry logged in from a particular system at a given time. If more than one person has access to 1XX.1XX.1XX.24, then you'll have problems. However, this could be the start of your audit trail.
The best thing is to disable shared accounts and insist that users have individual accounts. We make exceptions here for root, oracle, and tivoli, but then only senior, trusted people have those account passwords.
Jun 23 04:13:02 foo@bar.com sshd[21167]: Accepted publickey for henry from 1XX.1XX.1XX.24 port 53394 ssh2
This means that henry logged in from a particular system at a given time. If more than one person has access to 1XX.1XX.1XX.24, then you'll have problems. However, this could be the start of your audit trail.
The best thing is to disable shared accounts and insist that users have individual accounts. We make exceptions here for root, oracle, and tivoli, but then only senior, trusted people have those account passwords.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP