sshd "PrintLastLog yes"

sshd "PrintLastLog yes"

[Fermin Sanchez]

Hello list

I added/uncommented "PrintLastLog yes" in /etc/sshd_config and restarted
the sshd Service from Windows. I don't see a message about the last time
(and host, afair) the last logon took place. I know that this used to
work in an earlier version of an sshd on my (Windows) system. Not sure,
though, if it was cygwin's sshd.

Any hints where I should start looking (rtfm didn't bring any results,
neither did a quick google).

Thanks.
Fermin

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: sshd "PrintLastLog yes"

[Corinna Vinschen]

On Sat, Sep 06, 2003 at 09:05:44PM +0200, Fermin Sanchez wrote:
> Hello list
> 
> I added/uncommented "PrintLastLog yes" in /etc/sshd_config and restarted

PrintLastLog defaults to yes so that shouldn't be necessary.

> Any hints where I should start looking (rtfm didn't bring any results,
> neither did a quick google).

I'm using 3.6.1p2, too, obviously and I'm getting the last log message.
Any chance you have a problem with /var/log/lastlog?  Did you delete
it after starting sshd?  Permissions?

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: sshd "PrintLastLog yes"

[Igor Pechtchanski]

On Mon, 8 Sep 2003, Corinna Vinschen wrote:

> On Mon, Sep 08, 2003 at 12:23:53PM -0400, Igor Pechtchanski wrote:
> >   That's why I
> > suggested adding this into "ssh-host-config" (which will presumably be run
> > by new users to set up sshd) instead.  Another advantage of
> > "ssh-host-config" is that it's interactive (whereas postinstall scripts
> > aren't, or shouldn't be).
>
> ssh isn't exclusiv user or owner of /var/log/lastlog.  It's a system
> file, not an application specific file.
>
> Corinna

I understand that.  What I was suggesting was that permissions only get
modified in application-specific config scripts that are either
interactive and/or are explicitly invoked by the user -- ssh was just an
example (another one is iu-config).
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: sshd "PrintLastLog yes"

[Corinna Vinschen]

On Mon, Sep 08, 2003 at 12:23:53PM -0400, Igor Pechtchanski wrote:
>   That's why I
> suggested adding this into "ssh-host-config" (which will presumably be run
> by new users to set up sshd) instead.  Another advantage of
> "ssh-host-config" is that it's interactive (whereas postinstall scripts
> aren't, or shouldn't be).

ssh isn't exclusiv user or owner of /var/log/lastlog.  It's a system
file, not an application specific file.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: sshd "PrintLastLog yes"

[Igor Pechtchanski]

On Mon, 8 Sep 2003, Christopher Faylor wrote:

> On Mon, Sep 08, 2003 at 11:01:59AM -0500, Joshua Daniel Franklin wrote:
> >On Sun, Sep 07, 2003 at 02:30:47PM -0400, Larry Hall wrote:
> >> At 05:30 AM 9/7/2003, Fermin Sanchez you wrote:
> >> >I did a chmod 664 on /var/log/lastlog, now it works. Thank you again!
> >> >One good side effect: I'm going to put all this information into a "how
> >> >to install and run cygwin and sshd on a Windows Server 2003 Domain
> >> >Controller" ;-)
> >>
> >> It would be great to see this as an addition to the Cygwin docs and/or
> >> automated by the post-install script too.  Just a thought.
> >
> >Personally I think this is a candidate for a specific package README,
> >though maybe some language could be added to "Security" section of the
> >User's Guide.
>
> I'm not sure I understand the argument against automatically setting the
> permissions on /var/log/lastlog to something which would allow a
> properly privileged account to access the file.  It seems like this
> is a good post-install candidate to me.
>
> cgf

The argument is that you don't always know what the properly privileged
account *is*.  You can't assume that it's "system" (not on Win2003, at
least).  I don't disagree that on new installs this should be set to
something sensible, but we should leave power users the ability to
manipulate their filesystem in the way they want to without having to
worry about postinstall scripts changing that setup.  That's why I
suggested adding this into "ssh-host-config" (which will presumably be run
by new users to set up sshd) instead.  Another advantage of
"ssh-host-config" is that it's interactive (whereas postinstall scripts
aren't, or shouldn't be).
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: sshd "PrintLastLog yes"

[Christopher Faylor]

On Mon, Sep 08, 2003 at 11:01:59AM -0500, Joshua Daniel Franklin wrote:
>On Sun, Sep 07, 2003 at 02:30:47PM -0400, Larry Hall wrote:
>> At 05:30 AM 9/7/2003, Fermin Sanchez you wrote:
>> >I did a chmod 664 on /var/log/lastlog, now it works. Thank you again!
>> >One good side effect: I'm going to put all this information into a "how
>> >to install and run cygwin and sshd on a Windows Server 2003 Domain
>> >Controller" ;-)
>> 
>> It would be great to see this as an addition to the Cygwin docs and/or
>> automated by the post-install script too.  Just a thought.
>
>Personally I think this is a candidate for a specific package README, 
>though maybe some language could be added to "Security" section of the
>User's Guide. 

I'm not sure I understand the argument against automatically setting the
permissions on /var/log/lastlog to something which would allow a
properly privileged account to access the file.  It seems like this
is a good post-install candidate to me.

cgf

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: sshd "PrintLastLog yes"

[Joshua Daniel Franklin]

On Sun, Sep 07, 2003 at 02:30:47PM -0400, Larry Hall wrote:
> At 05:30 AM 9/7/2003, Fermin Sanchez you wrote:
> >I did a chmod 664 on /var/log/lastlog, now it works. Thank you again!
> >One good side effect: I'm going to put all this information into a "how
> >to install and run cygwin and sshd on a Windows Server 2003 Domain
> >Controller" ;-)
> 
> It would be great to see this as an addition to the Cygwin docs and/or
> automated by the post-install script too.  Just a thought.

Personally I think this is a candidate for a specific package README, 
though maybe some language could be added to "Security" section of the
User's Guide. 

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

RE: sshd "PrintLastLog yes"

[Igor Pechtchanski]

On Sun, 7 Sep 2003, Larry Hall wrote:

> At 05:30 AM 9/7/2003, Fermin Sanchez you wrote:
> >Hello Corinna
> >
> >> > I added/uncommented "PrintLastLog yes" in /etc/sshd_config and
> >> > restarted
> >> PrintLastLog defaults to yes so that shouldn't be necessary.
> >
> >Yes, I just wanted to be sure.
> >
> >> > Any hints where I should start looking (rtfm didn't bring
> >> > any results,
> >> > neither did a quick google).
> >> I'm using 3.6.1p2, too, obviously and I'm getting the last
> >> log message.
> >> Any chance you have a problem with /var/log/lastlog?  Did you
> >> delete it after starting sshd?  Permissions?
> >
> >ls -l /var/log/lastlog shows:
> >-rw-r--r--    1 Administ Domain U        0 Sep  6 17:52 lastlog
> >
> >I did a chmod 664 on /var/log/lastlog, now it works. Thank you again!
> >One good side effect: I'm going to put all this information into a "how
> >to install and run cygwin and sshd on a Windows Server 2003 Domain
> >Controller" ;-)
>
> It would be great to see this as an addition to the Cygwin docs and/or
> automated by the post-install script too.  Just a thought.
>
> Larry Hall

Please, please, please don't put this in a postinstall script.  I, for
one, would not want any postinstall script to muck around with my
directory and file permissions (as I don't have any control over whether
that script runs).  I'd suggest putting it into ssh-host-config instead
(and, of course, the README file for those who prefer to configure sshd
manually).
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

RE: sshd "PrintLastLog yes"

[Larry Hall]

At 05:30 AM 9/7/2003, Fermin Sanchez you wrote:
>Hello Corinna 
>
>> > I added/uncommented "PrintLastLog yes" in /etc/sshd_config and 
>> > restarted
>> PrintLastLog defaults to yes so that shouldn't be necessary.
>
>Yes, I just wanted to be sure.
>
>> > Any hints where I should start looking (rtfm didn't bring 
>> > any results, 
>> > neither did a quick google).
>> I'm using 3.6.1p2, too, obviously and I'm getting the last 
>> log message.
>> Any chance you have a problem with /var/log/lastlog?  Did you 
>> delete it after starting sshd?  Permissions?
>
>ls -l /var/log/lastlog shows:
>-rw-r--r--    1 Administ Domain U        0 Sep  6 17:52 lastlog
>
>I did a chmod 664 on /var/log/lastlog, now it works. Thank you again!
>One good side effect: I'm going to put all this information into a "how
>to install and run cygwin and sshd on a Windows Server 2003 Domain
>Controller" ;-)


It would be great to see this as an addition to the Cygwin docs and/or
automated by the post-install script too.  Just a thought.



--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA 01746                     


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

RE: sshd "PrintLastLog yes"

[Fermin Sanchez]

Hello Corinna 

> > I added/uncommented "PrintLastLog yes" in /etc/sshd_config and 
> > restarted
> PrintLastLog defaults to yes so that shouldn't be necessary.

Yes, I just wanted to be sure.

> > Any hints where I should start looking (rtfm didn't bring 
> > any results, 
> > neither did a quick google).
> I'm using 3.6.1p2, too, obviously and I'm getting the last 
> log message.
> Any chance you have a problem with /var/log/lastlog?  Did you 
> delete it after starting sshd?  Permissions?

ls -l /var/log/lastlog shows:
-rw-r--r--    1 Administ Domain U        0 Sep  6 17:52 lastlog

I did a chmod 664 on /var/log/lastlog, now it works. Thank you again!
One good side effect: I'm going to put all this information into a "how
to install and run cygwin and sshd on a Windows Server 2003 Domain
Controller" ;-)

Cheers
Fermin

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/