Nezaznamenavanie loginov do wtmp.
Michal Varga
varga at stonehenge.sk
Mon Nov 29 15:28:00 CET 2004
On Mon, 2004-11-29 at 12:23 +0100, Jozef Babjak wrote:
> Zdravim,
>
> urobil som pokus: vo WinSCP su 3 rezimy pripojenia: SCP, SFTP (allow SCP
> fallback) a SFTP. Prvy rezim hlasku "subsystem requeset for sftp" do
> /var/log/auth.log nezapise, zvysne dva ano. Zda sa, ze je to crta, nie
> chyba.
>
Uprimne netusim, co znamena vyraz "crta" v IT kontexte, preferoval by
som storociami zauzivane anglicke vyrazy, miesto novych studentskych
"krajal som zvazky na pevnom disku", ale budiz, to mozeme preskocit:
SCP samozrejme hlasku o SFTP do logu nezapise, pretoze s SFTP nema nic
spolocne. SCP je v podstate normalny SSH login, pouzivajuci pre file
operacie nastroje beziace na danom stroji (cp, rm, ls, etc.)
SFTP (allow SCP fallback) je iba prepinac, pokusi sa pouzit SFTP a ak to
nie je mozne, pouzije SCP (ako vyplyva z popisu). Takze nie je pravda,
ze "zvysne dva zapisu". Prvy zo zvysnych dvoch zapisal preto, ze sa
pouzil SFTP mod.
> ^-- Mam len /etc/pam.conf, relevantna cast je:
>
> # OpenSSH with PAM support requires similar modules. The session one is
> # a bit strange, though...
> sshd auth sufficient pam_skey.so
> sshd auth sufficient pam_opie.so
> no_fake_prompts
> #sshd auth requisite pam_opieaccess.so
> #sshd auth sufficient pam_kerberosIV.so
> try_first_pass
> #sshd auth sufficient pam_krb5.so
> try_first_pass
> sshd auth required pam_unix.so
> try_first_pass
> sshd account required pam_unix.so
> sshd password required pam_permit.so
> sshd session required pam_permit.so
>
>
> > (pouzitie PAM sa zapina v sshd_config cez "UsePAM yes")
>
> ^-- Myslite toto:
>
> # Change to no to disable PAM authentication
> #ChallengeResponseAuthentication yes
>
> Nic ine ohladom PAM v sshd_config nemam.
>
> J.
>
V tomto pripade tazko povedat, na tuto verziu PAM/SSH si uz skoro ani
nepamatam (aj ked si nespominam, ze by tam bol zmineneny problem s
nelogovanim do wtmp, ale ktovie). Mozno by sa oplatilo pozriet po niecom
ako toto:
http://www.ibnet.pl/resources/software/index.en.html (pam_sessionlog)
--
Michal Varga <varga at stonehenge.sk>
Stonehenge
More information about the Users-l
mailing list