HPE Community
Operating System - HP-UX
1847663 Members
3157 Online
110265 Solutions
New Discussion

Tracking telnet to secure shell access conversions

 
SOLVED
Go to solution
Scott Lindstrom_2
Regular Advisor

‎11-05-2003 03:23 AM

‎11-05-2003 03:23 AM

Tracking telnet to secure shell access conversions

I need to track which users are still coming in via telnet, rlogin, etc versus those that have converted over to secure shell. I need to collect this data from a variety of servers over the course of time (until everyone is coming in ssh). Before I start writing a script to do this, I thought I'd ask if someone already has something similar.

TIA,
Scott Lindstrom
0 Kudos
Reply
5 REPLIES 5
Steven E. Protter
Exalted Contributor

‎11-05-2003 03:30 AM

‎11-05-2003 03:30 AM

Solution

Re: Tracking telnet to secure shell access conversions

The last command is a good start.

It gives good output from /var/adm/syslog/wtmp

lastb command shows bad logins.

I'm attaching a login checker script you can modify for your purposes.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Scott Lindstrom_2
Regular Advisor

‎11-05-2003 08:21 AM

‎11-05-2003 08:21 AM

Re: Tracking telnet to secure shell access conversions

Steve -

It turns out I'm not getting ssh logins logged via last (like some other posts I've found here on the forums), but as long as I can find who is using any of the other login methods, that solves my problem.

Scott
0 Kudos
Reply
ConnieK
Regular Advisor

‎11-06-2003 12:38 AM

‎11-06-2003 12:38 AM

Re: Tracking telnet to secure shell access conversions

Scott,

Your syslog should be capturing access attempts whether failed or successful, plus it indicates which type of access the connection was. You could write a simple script to grep "connect" and filter the telnetd/sshd/ftp access from your syslog and write the output to a file. I have a script running from cron everyday to send me output (as below):

Nov 5 22:08:46 6C:xxxx telnetd[1215]: connect from ###.##.##.###
Nov 5 08:03:06 6E:xxxx sshd[2655]: Accepted password for userxx from xxx.xx.xx.xxx port 1690 ssh2

If you need the exact script, I can post.

HTH - Connie
Independent by nature
0 Kudos
Reply
Scott Lindstrom_2
Regular Advisor

‎11-06-2003 02:03 AM

‎11-06-2003 02:03 AM

Re: Tracking telnet to secure shell access conversions

Connie -

My understanding is that I would have to issue 'inetd -l' to get the enhanced logging in syslog. This isn't something we want to do.

As long as I can get who is *not* using ssh, I can write the report I need to write.

Thanks for your reply. Being a Unix newbie, I love these forums!

Scott
0 Kudos
Reply
Scott Lindstrom_2
Regular Advisor

‎11-06-2003 03:59 AM

‎11-06-2003 03:59 AM

Re: Tracking telnet to secure shell access conversions

I just realized we have our syslog split into multiple log files, so the invalid login attempts via ssh *are* being reported; just not in syslog.log.

Scott
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.