View previous topic :: View next topic |
Author |
Message |
alex.blackbit Advocate
Joined: 26 Jul 2005 Posts: 2397
|
Posted: Wed Jul 30, 2008 8:00 pm Post subject: 2 last login messages on ssh connection |
|
|
hi,
i get this Code: | $ ssh wall
Last login: Wed Jul 30 21:57:30 CEST 2008 from seaburg on pts/2
Last login: Wed Jul 30 21:58:09 2008 from seaburg
% |
i already re-emerged openssh and did a revdep-rebuild. the sshd-config is sane.
who knows what's wrong? |
|
Back to top |
|
|
think4urs11 Bodhisattva
Joined: 25 Jun 2003 Posts: 6659 Location: above the cloud
|
Posted: Wed Jul 30, 2008 8:22 pm Post subject: |
|
|
check /etc/motd
check Banner setting in /etc/ssh/sshd_config
the first one should come from PrintLastLog yes in /etc/ssh/sshd_config _________________ Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself |
|
Back to top |
|
|
alex.blackbit Advocate
Joined: 26 Jul 2005 Posts: 2397
|
Posted: Wed Jul 30, 2008 10:22 pm Post subject: |
|
|
/etc/motd did not exist. for testing i just echoed "foo" in it.
PrintLastLog in sshd_config was commented out, i commented it in and set it to no.
here is the result: Code: | $ ssh wall
Last login: Thu Jul 31 00:04:31 CEST 2008 from seaburg on pts/2
foo
Last login: Thu Jul 31 00:04:47 2008 from seaburg
foo
% |
|
|
Back to top |
|
|
TwoMinds Tux's lil' helper
Joined: 14 Jul 2004 Posts: 146 Location: Italy
|
Posted: Fri Aug 01, 2008 4:31 pm Post subject: |
|
|
Hi. I have the same problem here: twice motd and last login. |
|
Back to top |
|
|
alex.blackbit Advocate
Joined: 26 Jul 2005 Posts: 2397
|
Posted: Wed Aug 06, 2008 1:15 pm Post subject: |
|
|
Think4UrS11, PrintLastLog seems to have a default value of yes. it was commented out in my config file. i commented it in and set it to no. now 1 last login message appears.
is this from pam? or is this one too from ssh and it gets something wrong?
i find it interesting that one time the timezone and tty are printed, and one time not, if both outputs appear. |
|
Back to top |
|
|
theholymac n00b
Joined: 28 Jun 2006 Posts: 56 Location: Probably at the solar car shop in St. Paul
|
Posted: Tue Oct 07, 2008 6:10 pm Post subject: |
|
|
After switching my dev/test box over to ~x86, this issue occurred. When ssh'ing in, the motd and last login were displayed twice.
Setting both "PrintMotd" and "PrintLastLog" to "no" fixed this. Either MOTD behavior changed, sshd behavior changed, or these options used to be set to "no" as default. I'm not certain what is the case, but the issue it created was merely annoying and the fix was easy. |
|
Back to top |
|
|
nutbar n00b
Joined: 06 Jul 2005 Posts: 5
|
Posted: Tue Oct 28, 2008 6:51 am Post subject: |
|
|
I just updated my system and noticed this as well. I checked up on changes to openssh and it doesn't appear that they have changed the default PrintLastLog to cause this (so it was always defaulted to yes). I peeked at the ChangeLog from the openssh ebuild and it seems that at around openssh 5.0, they switched to using "pambase" or whatever, and I did notice a call to pam_lastlog.so in an included pam.d config file.
So one line is coming from SSH, the other is from PAM. The first lastlog line you see is from PAM, and the 2nd one is from SSH (the one without the timezone). My personal fix was editing /etc/ssh/sshd_config and setting PrintLastLog to no (esp since PAM provides more detail - and the time entry is correct, whereas I noticed SSH was off by 2 hours with me using UTC). |
|
Back to top |
|
|
mindful n00b
Joined: 14 Aug 2007 Posts: 13
|
Posted: Tue Oct 28, 2008 4:29 pm Post subject: |
|
|
After editing /etc/ssh/ssd_config to include 'PrintLastLog no' I had to restart sshd with >>> '/etc/init.d/sshd zap && kill $(pgrep -f /usr/sbin/sshd) && rc'.
Doing a '/etc/init.d/sshd restart' killed my sshd and didn't restart it on one of my servers. The above forgoes that nonsense. _________________ The world owes us nothing but a grave... |
|
Back to top |
|
|
thumper Guru
Joined: 06 Dec 2002 Posts: 552 Location: Venice FL
|
Posted: Fri Oct 31, 2008 9:27 pm Post subject: |
|
|
And now the last command shows two logins as well as two motd's and last logins, one for pts/0 and one for ssh and seems to have started after upgrading to net-misc/openssh-5.1_p1-r1
George |
|
Back to top |
|
|
rev138 l33t
Joined: 19 Jun 2003 Posts: 848 Location: Vermont, USA
|
Posted: Sat Nov 01, 2008 12:10 am Post subject: |
|
|
This occurred for me after uninstalling ss and com_err in order to upgrade e2fsprogs. I have no idea if there's a connection. _________________ Vermont Free PC
http://www.vtfreepc.org |
|
Back to top |
|
|
thumper Guru
Joined: 06 Dec 2002 Posts: 552 Location: Venice FL
|
Posted: Sat Nov 01, 2008 12:25 am Post subject: |
|
|
rev138 wrote: | This occurred for me after uninstalling ss and com_err in order to upgrade e2fsprogs. I have no idea if there's a connection. |
Interesting, I did that at the same time openssh got upgraded, the plot thickens.
George |
|
Back to top |
|
|
figueroa Advocate
Joined: 14 Aug 2005 Posts: 2961 Location: Edge of marsh USA
|
Posted: Sat Nov 01, 2008 3:22 am Post subject: |
|
|
During my more or less weekly update, the following was included:
Quote: | [ebuild U ] net-misc/openssh-5.1_p1-r1 [4.7_p1-r6] |
This changed the login message behavior noted by all of you. The solution to change PrintLastLog to no in etc/ssh/sshd_config made the desired correction.
As mindful pointed out in his post, if you are currently logged into the box via ssh, you have to take extra pains to bring sshd to a full stop then restart it. An ordinary /etc/init.d/sshd restart won't cut it.
This does not seem to be related to the e2fsprogs ss com_err fiasco. It just took place at the same time. _________________ Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi |
|
Back to top |
|
|
reillyeon n00b
Joined: 26 Mar 2003 Posts: 44 Location: Boston (ish)
|
Posted: Thu Nov 20, 2008 3:48 pm Post subject: |
|
|
Ok, thanks. That fixed the double "Last login:" message but it's still creating two entries that I see when I run "last". Any ideas? _________________ Linux user #309501 |
|
Back to top |
|
|
qriff n00b
Joined: 04 Dec 2003 Posts: 73
|
Posted: Thu Nov 20, 2008 7:29 pm Post subject: |
|
|
That did not fix anything, you changed the symptom of the same bug.
Just the mere definition of a setting named "PrintLastLog" is that when set to "Yes" there is a print of the last login, and vice versa.
Technically, setting "PrintLastLog" to "No" and still getting a print would be considered another bug.
Typical Gentoo ricing, anything that just hides anomalies is presented as a solution. |
|
Back to top |
|
|
eaglex n00b
Joined: 03 Dec 2005 Posts: 15
|
Posted: Thu Nov 20, 2008 10:47 pm Post subject: |
|
|
This can be fixed by commenting out:
Code: | session optional pam_lastlog.so |
from /etc/pam.d/system-login.
And for those wondering:
Quote: | pam_lastlog is a PAM module to display a line of information about the last login of the user. In addition, the module maintains the /var/log/lastlog file.
Some applications may perform this function themselves. In such cases, this module is not necessary. |
|
|
Back to top |
|
|
zeek Guru
Joined: 16 Nov 2002 Posts: 480 Location: Bantayan Island
|
Posted: Fri Nov 21, 2008 4:11 am Post subject: |
|
|
eaglex wrote: | This can be fixed by commenting out:
Code: | session optional pam_lastlog.so |
from /etc/pam.d/system-login.
|
That effects everything that uses system-login, which I believe includes console logins. IOW, console logins will no longer add a line to wtmp (lastlog). Its better to edit /etc/pam.d/sshd instead to limit any potential side effects. See the bug report:
https://bugs.gentoo.org/show_bug.cgi?id=244816#c5 |
|
Back to top |
|
|
qriff n00b
Joined: 04 Dec 2003 Posts: 73
|
Posted: Sat Nov 22, 2008 6:00 am Post subject: |
|
|
Now there are some real theories and fixes.
Thank you eaglex and zeek |
|
Back to top |
|
|
bunder Bodhisattva
Joined: 10 Apr 2004 Posts: 5934
|
Posted: Sat Nov 22, 2008 10:49 am Post subject: |
|
|
Quote: | This changed the login message behavior noted by all of you. The solution to change PrintLastLog to no in etc/ssh/sshd_config made the desired correction. |
didn't work here. masked =net-misc/openssh-5.1_p1-r1 on every single machine i own until they figure this crap out. _________________
Neddyseagoon wrote: | The problem with leaving is that you can only do it once and it reduces your influence. |
banned from #gentoo since sept 2017 |
|
Back to top |
|
|
eaglex n00b
Joined: 03 Dec 2005 Posts: 15
|
Posted: Sat Nov 22, 2008 12:44 pm Post subject: |
|
|
zeek wrote: | IOW, console logins will no longer add a line to wtmp (lastlog). |
Works for me.
Code: | $ last -1
eaglex tty1 Sat Nov 22 14:42 - 14:42 (00:00) |
But you are right, it is better to double-check / modify only what bugs you. |
|
Back to top |
|
|
qriff n00b
Joined: 04 Dec 2003 Posts: 73
|
Posted: Fri Nov 28, 2008 7:38 pm Post subject: |
|
|
Nowdays default /etc/pam.d/sshd uses only system-remote-login.
Code: | auth include system-remote-login
account include system-remote-login
password include system-remote-login
session include system-remote-login |
|
|
Back to top |
|
|
ArNiS n00b
Joined: 06 Dec 2005 Posts: 63 Location: Saint-Petersburg, Russia
|
Posted: Sun Dec 07, 2008 11:06 pm Post subject: |
|
|
I have got the same problem with double motd message after openssh update. It was successfully healed by commenting out
#session optional pam_motd.so motd=/etc/motd
in /etc/pam.d/system-login _________________ Today is the first day of the remained life |
|
Back to top |
|
|
bunder Bodhisattva
Joined: 10 Apr 2004 Posts: 5934
|
Posted: Mon Dec 08, 2008 11:06 am Post subject: |
|
|
ArNiS wrote: | I have got the same problem with double motd message after openssh update. It was successfully healed by commenting out
#session optional pam_motd.so motd=/etc/motd
in /etc/pam.d/system-login |
does that have any effect on local logins? or logins that use pam, other than ssh?
thanks _________________
Neddyseagoon wrote: | The problem with leaving is that you can only do it once and it reduces your influence. |
banned from #gentoo since sept 2017 |
|
Back to top |
|
|
xtz Apprentice
Joined: 29 Oct 2007 Posts: 181 Location: Singapore
|
Posted: Mon Dec 08, 2008 7:30 pm Post subject: |
|
|
If you don't use pam, the issue with the double-message does not appear. The problem is occuring only if openssh is compiled with 'pam' included in the USE flags. |
|
Back to top |
|
|
ArNiS n00b
Joined: 06 Dec 2005 Posts: 63 Location: Saint-Petersburg, Russia
|
Posted: Tue Dec 09, 2008 2:48 pm Post subject: |
|
|
bunder wrote: |
does that have any effect on local logins? or logins that use pam, other than ssh?
thanks |
Actually pam_motd.so is optional module. Doesn't seem like it have any effect on any other things except "message of the day" _________________ Today is the first day of the remained life |
|
Back to top |
|
|
the_g_cat Tux's lil' helper
Joined: 31 Mar 2004 Posts: 117 Location: Dortmund - Germany
|
Posted: Wed Dec 17, 2008 10:23 am Post subject: |
|
|
I don't know if some people are still hitting this "bug", but I had a little different approach: instead of changing the PAM configuration in system-login (which in my eyes is too deep-going a measure to just adjust some stuff for sshd), I copied the 5 session lines out of it and copied them in the sshd PAM file and commented the lines causing the double login.
The Only file I changed is /etc/pam.d/sshd to:
Code: | # cat /etc/pam.d/sshd
auth include system-remote-login
account include system-remote-login
password include system-remote-login
#session include system-remote-login
session required pam_env.so
#session optional pam_lastlog.so
session include system-auth
#session optional pam_motd.so motd=/etc/motd
session optional pam_mail.so |
This solves the double lastlog message, the double motd (if present) and the double entry in wtmp, leaving only the one with the tty (as opposed to the one with the process name set by pam).
Please be aware though, that any change to the session settings in system-remote-login or system-login will not be included in the sshd PAM config. |
|
Back to top |
|
|
|