Re: ssh with trust system auditing

hailerer · ‎12-03-2003

we are using HP-UX Secure Shell(A.03.61.002) on HPUX 11i OS,we have are having problems
that auditing did not record any system call
when user logined via ssh.
So does anyone have experience to use ssh with trusted system auditing?

Joseph Loo · ‎12-03-2003

I am using this version of ssh but do not experience your problem.

Please check whether audit is turn on for any user:
# audusr

or you could use SAM-> Auditing and Security.

what you do not see does not mean you should not believe

hailerer · ‎12-03-2003

the auditing can record log rightly when I rm a file via telnet,but record nothing when I did same thing via ssh,I use the same userã

hailerer · ‎12-03-2003

when I set UseLogin=yes in sshd_config and restart sshd,the problem seems to be resolved.

Andrew Cowan · ‎12-04-2003

This behaviour is correct. SSHD spawns its own child processes and handles login directly, thus you don't get any auditing information. This happenned to me on AIX 5.1, whereby those connecting via SSH did not show up in who or last. The problem was fixed by recompling the code against the latest libraries.

When you say use_login, it does just that, and the normall auditing functions come into force.

Joseph Loo · ‎12-04-2003

I simulated this auditing problem with both ssh and telnet session and indeed gather the same result as you.

Support has informed me that this would be fix in future release, but if setting UseLogin to "yes" works, you may want to continue doing so but watch out for the next release.

what you do not see does not mean you should not believe

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: ssh with trust system auditing

ssh with trust system auditing