Nezaznamenavanie loginov do wtmp.

Michal Varga varga at stonehenge.sk
Mon Nov 29 15:28:00 CET 2004


On Mon, 2004-11-29 at 12:23 +0100, Jozef Babjak wrote:
> Zdravim, 
> 
> urobil som pokus: vo WinSCP su 3 rezimy pripojenia: SCP, SFTP (allow SCP 
> fallback) a SFTP. Prvy rezim hlasku "subsystem requeset for sftp" do 
> /var/log/auth.log nezapise, zvysne dva ano. Zda sa, ze je to crta, nie 
> chyba. 
> 
Uprimne netusim, co znamena vyraz "crta" v IT kontexte, preferoval by
som storociami zauzivane anglicke vyrazy, miesto novych studentskych
"krajal som zvazky na pevnom disku", ale budiz, to mozeme preskocit:

SCP samozrejme hlasku o SFTP do logu nezapise, pretoze s SFTP nema nic
spolocne. SCP je v podstate normalny SSH login, pouzivajuci pre file
operacie nastroje beziace na danom stroji (cp, rm, ls, etc.)

SFTP (allow SCP fallback) je iba prepinac, pokusi sa pouzit SFTP a ak to
nie je mozne, pouzije SCP (ako vyplyva z popisu). Takze nie je pravda,
ze "zvysne dva zapisu". Prvy zo zvysnych dvoch zapisal preto, ze sa
pouzil SFTP mod.



>   ^-- Mam len /etc/pam.conf, relevantna cast je: 
> 
> # OpenSSH with PAM support requires similar modules.  The session one is
> # a bit strange, though...
> sshd    auth    sufficient      pam_skey.so
> sshd    auth    sufficient      pam_opie.so                     
> no_fake_prompts
> #sshd   auth    requisite       pam_opieaccess.so
> #sshd   auth    sufficient      pam_kerberosIV.so               
> try_first_pass
> #sshd   auth    sufficient      pam_krb5.so                     
> try_first_pass
> sshd    auth    required        pam_unix.so                     
> try_first_pass
> sshd    account required        pam_unix.so
> sshd    password required       pam_permit.so
> sshd    session required        pam_permit.so
> 
> 
> > (pouzitie PAM sa zapina v sshd_config cez "UsePAM yes")
>  
>   ^-- Myslite toto:
> 
> # Change to no to disable PAM authentication
> #ChallengeResponseAuthentication yes
> 
> Nic ine ohladom PAM v sshd_config nemam. 
> 
> J. 
> 
V tomto pripade tazko povedat, na tuto verziu PAM/SSH si uz skoro ani
nepamatam (aj ked si nespominam, ze by tam bol zmineneny problem s
nelogovanim do wtmp, ale ktovie). Mozno by sa oplatilo pozriet po niecom
ako toto:

http://www.ibnet.pl/resources/software/index.en.html (pam_sessionlog)


-- 
Michal Varga <varga at stonehenge.sk>
Stonehenge




More information about the Users-l mailing list