Mantis - openssh
Viewing Issue Advanced Details
ID: Category: Severity: Reproducibility: Date Submitted: Last Update:
4494 regular use minor always 2010-07-20 15:45 2011-11-04 23:02
Reporter: helmped Platform:  
Assigned To: yann OS:  
Priority: normal OS Version:  
Status: closed Product Version:  
Product Build: Resolution: fixed  
Projection: none      
ETA: none Fixed in Version:  
Summary: 0004494: sshd shows wrong "last login" date/time
Description: Login in on any host (SPARC/x86, latest CSWossh installed) via ssh shows not the last session login date/time. Instead the actual login date/time is displayed.

Using SUNs sshd the login date/time information is correct.

Regards

Helmut
Steps To Reproduce:
Additional Information:
Relationships
Attached Files:
Issue History
Date Modified Username Field Change
2010-07-20 15:45 helmped New Issue
2010-11-19 22:03 yann Status new => assigned
2010-11-19 22:03 yann Assigned To => yann
2010-12-20 21:48 yann Note Added: 0008614
2010-12-20 21:48 yann Status assigned => feedback
2011-01-10 16:57 helmped Note Added: 0008686
2011-02-03 22:58 yann Note Added: 0008777
2011-09-19 22:10 yann Note Added: 0009279
2011-09-20 12:54 helmped Note Added: 0009288
2011-11-04 23:02 yann Note Added: 0009389
2011-11-04 23:02 yann Status feedback => closed
2011-11-04 23:02 yann Resolution open => fixed

Notes
(0008614)
yann   
2010-12-20 21:48   
Hi,

This problem seems to be caused by pam which updates the /var/adm/lastlog file before ssh reads the information.

I (re-)opened a bug upstream about this problem: https://bugzilla.mindrot.org/show_bug.cgi?id=87 [^]

Meanwhile I applied a workaround to temporarily solve this bug in the opencsw package: openssh doesn't read or update anymore the /var/adm/lastlog file (but still update wtmp).

This means /var/adm/lastlog could not be updated in some non standard pam configuration.


Could you try latest openssh packages in my experimental repository [1] to test if this fix work for you ?

Thanks in advance,

Yann

[1] http://buildfarm.opencsw.org/experimental.html#yann [^]
(0008686)
helmped   
2011-01-10 16:57   
I've tried your latest openssh package which seems to be working for
interactive login.

But there's still a difference to SUN ssh: Using opencsw ssh with public key authentication and listing files on a remote host like "ssh hostname ls" only the lastlog and utmpx file are updated but not the wtmpx file. Therefore this logon cann't be seen via the last command which reads the wtmpx file.

When using SUN ssh all three files are updated. This behavior can be observed on linux systems too.

Regards,

  Helmut
(0008777)
yann   
2011-02-03 22:58   
I just tried to reproduce your problem but I don't have the same behaviour:

 - on Redhat and Debian, wtmp and lastlog are not updated when doing non interactive login with public key

 - on Solaris with SUN SSH, only wtmpx and lastlog are updated.


After having a look at the openssh bugtracker, it seems to be considered normal behaviour by OpenSSH maintainers:
https://bugzilla.mindrot.org/show_bug.cgi?id=337 [^]


I didn't find enough information about wtmp(x), utmp(x) and lastlog to know exactly if they should be updated with non-interactive login.

Do you have some clue about this ?
(0009279)
yann   
2011-09-19 22:10   
Hi,

Any feedback about my questions ?
(0009288)
helmped   
2011-09-20 12:54   
Hi,

thanks for reminding me ...

I think I was a little confused about my comments and your answers/question
but testing again I see that your comments are correct - only
sun ssh update the wtmpx file. Since the non-interactive logins are
reported in /var/adm/messages these logins can also be tracked.
I only have to know not to forget this.

Today I installed the new openssh opencsw package and now the correct
"last login" time is shown - seems the problem is now fixed.

Best Regards
(0009389)
yann   
2011-11-04 23:02   
Cool.
I am closing this bug now.