
Re: SSH connections not appearing in wtmp

 
corkbuster
Occasional Contributor

SSH connections not appearing in wtmp

I am using WRQ's Reflection Suite for X v10 with the security components.

When I telnet to the server, the connection is recorded in wtmp, thus retrievable by the 'last' command. Now that I have HP Secure Shell 3.50 installed, ssh connections are not listed via the last command.

WRQ's support has said there is a known bug in the openssh software. We see the same problem connecting to AIX and SUN servers. It does not happen when we go UNIX server to UNIX server.

Has someone found a security hole in SSH connections?
3 REPLIES
Jdamian
Respected Contributor

Re: SSH connections not appearing in wtmp

I don't agree with WRQ support.
The crux of the matter is the tty used...
Telnet needs a tty (/dev/pts/2 for instance) to open a connection. Thus it is logged in wtmp.

Instead, connections launched from Reflection X (plus security components) don't need to use a tty. You can establish a connection without allocating a tty (read the paragraph about the -T option in the ssh man pages). In this case, no new entry is added to the wtmp file.

Suggestion: open an ssh connection from one Unix system to another Unix system using the -T option. Then check the output of the 'last' command.

Read a thread started by me on December 5th 2002 about this same problem.

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x548585079106d71190050090279cd0f9,00.html

Good luck
Steven E. Protter
Exalted Contributor

Re: SSH connections not appearing in wtmp

It's not a security hole, it's the way it behaves.

All ssh connections can be logged in /var/adm/syslog/syslog.log

All you need to do is run inetd -l for enhanced logging.

As Microsoft sometimes says, it's a feature not a bug.

Openssh is rock solid secure.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
corkbuster
Occasional Contributor

Re: SSH connections not appearing in wtmp

Ran 'ssh -T' and saw no entry for the connection when I ran 'last'. Did see connections listed in syslog.log though.

When I ran the ssh -T command, it does not set the $TERM and $DISPLAY variables. I run 'su -' and it fails automatically. I am assuming then the $TERM is causing an erroneous character when I press

When I look at 'last' output, the initial telnet session that would have been closed is not listed.
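An added example, not part of the original thread, of the audit check the replies point to: sessions without a tty leave no wtmp record but sshd still logs them to syslog, so this lists sshd "Accepted" lines that have no matching `last` entry. The sample lines, host name, addresses, year and the `last` column layout are constructed assumptions; adjust the patterns to the real files.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data (not from the thread); layouts are assumptions.
SYSLOG = """\
Jan  6 10:15:02 hpux1 sshd[2101]: Accepted password for corkbuster from 192.0.2.10 port 51234 ssh2
Jan  6 10:40:17 hpux1 sshd[2188]: Accepted password for corkbuster from 192.0.2.10 port 51300 ssh2
Jan  6 11:02:45 hpux1 sshd[2240]: Accepted publickey for oper from 192.0.2.22 port 40022 ssh2
Jan  6 11:05:00 hpux1 sshd[2251]: Failed password for oper from 192.0.2.22 port 40030 ssh2
"""
LAST = """\
corkbuster pts/2        Mon Jan  6 10:15 - 10:31  (00:16)
oper       pts/3        Mon Jan  6 09:01 - 09:30  (00:29)
"""

ACCEPT_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(\d+)\]: "
    r"Accepted \S+ for (\S+) from (\S+) port \d+")
LAST_RE = re.compile(r"^(\S+)\s+\S+\s+\w{3} (\w{3}\s+\d+ \d\d:\d\d)")

def parse_accepts(text, year):
    """Successful sshd logins from syslog (syslog lines carry no year)."""
    out = []
    for line in text.splitlines():
        m = ACCEPT_RE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
            out.append({"time": when, "pid": int(m[2]), "user": m[3], "src": m[4]})
    return out

def parse_last(text, year):
    """(user, login time) pairs from 'last' output, minute resolution."""
    out = []
    for line in text.splitlines():
        m = LAST_RE.match(line)
        if m:
            out.append((m[1], datetime.strptime(f"{year} {m[2]}", "%Y %b %d %H:%M")))
    return out

def logins_missing_from_wtmp(syslog, last, year=2003, slack=timedelta(minutes=2)):
    """Accepted ssh logins with no wtmp entry for that user within 'slack'."""
    wtmp = parse_last(last, year)
    missing = []
    for acc in parse_accepts(syslog, year):
        hit = next((e for e in wtmp if e[0] == acc["user"]
                    and abs(e[1] - acc["time"]) <= slack), None)
        if hit:
            wtmp.remove(hit)   # one wtmp record accounts for one login only
        else:
            missing.append(acc)
    return missing
```

Each returned record is a login that authenticated successfully but will not show up in `last`, which is what a no-tty session looks like from the wtmp side.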