Re: sftp and utmp

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


On Tue, Apr 4, 2023 at 6:10 AM Damien Miller <djm@xxxxxxxxxxx> wrote:
> On Tue, 4 Apr 2023, Nico Kadel-Garcia wrote:
> > > We've been asked about this a number of times before - the problem is
> > > that utmp is really set up to record interactive logins that have a
> > > TTY/PTY assigned. There is AFAIK no real standard for recording
> > > "service logins" (e.g. sftp or SSH command execution w/o TTY) in utmp
> > > and many OS utmp implementation lack fields by which this could be
> > > communicated.
> > >
> > > IIRC we toyed with recording something fake like "sftp" in ut_line
> > > but that caused problems as none of the other tools were set up to
> > > accept it.
> >
> > sftp has some awkward limitations, as does scp. It's why I prefer were
> > possible to use rsync-over-SSH, and we can restrict the rsync options
> > quite heavily. It's even possible to chroot wrap, though that toolkit
> > has not been well maintained.
> rsync doesn't solve the problem being presented here, as it runs without
> a PTY and so never ends up being recorded in utmp either.

rsync over SSH can be configured in sshd_config to record the use of
public SSH keys. I don't normally set up such a restricted service on
the standard SSH daemon or the standard SSH port, mostly to keep the
logs very distinct.
openssh-unix-dev mailing list

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux