HPE Community
Operating System - HP-UX
1833786 Members
2521 Online
110063 Solutions
New Discussion

SSH logging on HPUX11i

 
SOLVED
Go to solution
Phil Sleigh
New Member

‎11-30-2004 03:09 AM

‎11-30-2004 03:09 AM

SSH logging on HPUX11i

Hi,

Is it possible to log (on the server) the logged in username of the initiator of the connection from the client? I have changed the LogLevel on the server to DEBUG3, but this only records the IP address of the client, port and the username used to log into the server, not the username of the user on the client:

Nov 30 14:17:43 hp1 sshd[2709]: Accepted password for na633 from 199.199.20.2 port 58437 ssh2

One of our sites needs this info for audit purposes.

Many thanks in anticipation.

Phil.
0 Kudos
Reply
6 REPLIES 6
RAC_1
Honored Contributor

‎11-30-2004 03:12 AM

‎11-30-2004 03:12 AM

Re: SSH logging on HPUX11i

I think not possible. Not sure though.

Anil
There is no substitute to HARDWORK
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎11-30-2004 04:49 AM

‎11-30-2004 04:49 AM

Re: SSH logging on HPUX11i

ssh logging is in the file /var/adm/syslog/syslog.log

For additional audits make the system a trusted system and then you can run detailed audit reports based on the information stored in the audit database.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
James A. Donovan
Honored Contributor

‎11-30-2004 05:20 AM

‎11-30-2004 05:20 AM

Re: SSH logging on HPUX11i

You may be able to get the answer if you post this question on the Openssh-unix-dev list:

http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
Remember, wherever you go, there you are...
0 Kudos
Reply
Andrew Cowan
Honored Contributor

‎11-30-2004 06:45 PM

‎11-30-2004 06:45 PM

Re: SSH logging on HPUX11i

I think that this would only be possible if you had the same usernames and id's across all your systems, otherwise your local serer would see the UID and interpret it using it's own "/etc/passwd" file.

When you say you want the initiator, do you mean if they failed to connect, logged-in, or both?

If you want successful connections they are shown in the SSH debug log (sshd.log) at the standard debug level, as they are passed from syslog. If this is not happenning you could have either setup up the signal levels in "sshd_config" and/or "syslogd.conf", or your binary has not been correcty compiled.
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

‎11-30-2004 07:44 PM

‎11-30-2004 07:44 PM

Solution

Re: SSH logging on HPUX11i

As far as I know, the SSH protocol does not carry any information about the initiator of the connection. This is to minimize risks to the initiator when connecting to untrusted servers. The information would not be reliable anyway, because the initiator might have compiled his own ssh client and patched it to give false information.

If you can set up identd on the initiator host, you might be able to use it. To make sshd send identd queries, you need to compile it with tcpwrapper support (--with-tcp-wrappers). Then configure /etc/hosts.[allow|deny] using the form:

sshd: ALL@

Identd does not cope too well with NAT and is not really suitable for untrusted networks, so be sure you understand the limitations before using identd.
MK
Reply
Phil Sleigh
New Member

‎12-01-2004 02:51 AM

‎12-01-2004 02:51 AM

Re: SSH logging on HPUX11i

Thanks to all for the responses. I can use this info to research it further. Much appreciated.

Cheers

Phil
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.