Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
2 last login messages on ssh connection
View unanswered posts
View posts from last 24 hours

Goto page 1, 2  Next  
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
alex.blackbit
Advocate
Advocate


Joined: 26 Jul 2005
Posts: 2397

PostPosted: Wed Jul 30, 2008 8:00 pm    Post subject: 2 last login messages on ssh connection Reply with quote

hi,

i get this
Code:
$ ssh wall
Last login: Wed Jul 30 21:57:30 CEST 2008 from seaburg on pts/2
Last login: Wed Jul 30 21:58:09 2008 from seaburg
%

i already re-emerged openssh and did a revdep-rebuild. the sshd-config is sane.

who knows what's wrong?
Back to top
View user's profile Send private message
think4urs11
Bodhisattva
Bodhisattva


Joined: 25 Jun 2003
Posts: 6659
Location: above the cloud

PostPosted: Wed Jul 30, 2008 8:22 pm    Post subject: Reply with quote

check /etc/motd
check Banner setting in /etc/ssh/sshd_config
the first one should come from PrintLastLog yes in /etc/ssh/sshd_config
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself
Back to top
View user's profile Send private message
alex.blackbit
Advocate
Advocate


Joined: 26 Jul 2005
Posts: 2397

PostPosted: Wed Jul 30, 2008 10:22 pm    Post subject: Reply with quote

/etc/motd did not exist. for testing i just echoed "foo" in it.
PrintLastLog in sshd_config was commented out, i commented it in and set it to no.
here is the result:
Code:
$ ssh wall
Last login: Thu Jul 31 00:04:31 CEST 2008 from seaburg on pts/2
foo
Last login: Thu Jul 31 00:04:47 2008 from seaburg
foo
%
Back to top
View user's profile Send private message
TwoMinds
Tux's lil' helper
Tux's lil' helper


Joined: 14 Jul 2004
Posts: 146
Location: Italy

PostPosted: Fri Aug 01, 2008 4:31 pm    Post subject: Reply with quote

Hi. I have the same problem here: twice motd and last login.
Back to top
View user's profile Send private message
alex.blackbit
Advocate
Advocate


Joined: 26 Jul 2005
Posts: 2397

PostPosted: Wed Aug 06, 2008 1:15 pm    Post subject: Reply with quote

Think4UrS11, PrintLastLog seems to have a default value of yes. it was commented out in my config file. i commented it in and set it to no. now 1 last login message appears.
is this from pam? or is this one too from ssh and it gets something wrong?
i find it interesting that one time the timezone and tty are printed, and one time not, if both outputs appear.
Back to top
View user's profile Send private message
theholymac
n00b
n00b


Joined: 28 Jun 2006
Posts: 56
Location: Probably at the solar car shop in St. Paul

PostPosted: Tue Oct 07, 2008 6:10 pm    Post subject: Reply with quote

After switching my dev/test box over to ~x86, this issue occurred. When ssh'ing in, the motd and last login were displayed twice.

Setting both "PrintMotd" and "PrintLastLog" to "no" fixed this. Either MOTD behavior changed, sshd behavior changed, or these options used to be set to "no" as default. I'm not certain what is the case, but the issue it created was merely annoying and the fix was easy.
Back to top
View user's profile Send private message
nutbar
n00b
n00b


Joined: 06 Jul 2005
Posts: 5

PostPosted: Tue Oct 28, 2008 6:51 am    Post subject: Reply with quote

I just updated my system and noticed this as well. I checked up on changes to openssh and it doesn't appear that they have changed the default PrintLastLog to cause this (so it was always defaulted to yes). I peeked at the ChangeLog from the openssh ebuild and it seems that at around openssh 5.0, they switched to using "pambase" or whatever, and I did notice a call to pam_lastlog.so in an included pam.d config file.

So one line is coming from SSH, the other is from PAM. The first lastlog line you see is from PAM, and the 2nd one is from SSH (the one without the timezone). My personal fix was editing /etc/ssh/sshd_config and setting PrintLastLog to no (esp since PAM provides more detail - and the time entry is correct, whereas I noticed SSH was off by 2 hours with me using UTC).
Back to top
View user's profile Send private message
mindful
n00b
n00b


Joined: 14 Aug 2007
Posts: 13

PostPosted: Tue Oct 28, 2008 4:29 pm    Post subject: Reply with quote

After editing /etc/ssh/ssd_config to include 'PrintLastLog no' I had to restart sshd with >>> '/etc/init.d/sshd zap && kill $(pgrep -f /usr/sbin/sshd) && rc'.

Doing a '/etc/init.d/sshd restart' killed my sshd and didn't restart it on one of my servers. The above forgoes that nonsense.
_________________
The world owes us nothing but a grave...
Back to top
View user's profile Send private message
thumper
Guru
Guru


Joined: 06 Dec 2002
Posts: 550
Location: Venice FL

PostPosted: Fri Oct 31, 2008 9:27 pm    Post subject: Reply with quote

And now the last command shows two logins as well as two motd's and last logins, one for pts/0 and one for ssh and seems to have started after upgrading to net-misc/openssh-5.1_p1-r1

George
Back to top
View user's profile Send private message
rev138
l33t
l33t


Joined: 19 Jun 2003
Posts: 848
Location: Vermont, USA

PostPosted: Sat Nov 01, 2008 12:10 am    Post subject: Reply with quote

This occurred for me after uninstalling ss and com_err in order to upgrade e2fsprogs. I have no idea if there's a connection.
_________________
Vermont Free PC
http://www.vtfreepc.org
Back to top
View user's profile Send private message
thumper
Guru
Guru


Joined: 06 Dec 2002
Posts: 550
Location: Venice FL

PostPosted: Sat Nov 01, 2008 12:25 am    Post subject: Reply with quote

rev138 wrote:
This occurred for me after uninstalling ss and com_err in order to upgrade e2fsprogs. I have no idea if there's a connection.


Interesting, I did that at the same time openssh got upgraded, the plot thickens.

George
Back to top
View user's profile Send private message
figueroa
Advocate
Advocate


Joined: 14 Aug 2005
Posts: 2912
Location: Edge of marsh USA

PostPosted: Sat Nov 01, 2008 3:22 am    Post subject: Reply with quote

During my more or less weekly update, the following was included:
Quote:
[ebuild U ] net-misc/openssh-5.1_p1-r1 [4.7_p1-r6]

This changed the login message behavior noted by all of you. The solution to change PrintLastLog to no in etc/ssh/sshd_config made the desired correction.

As mindful pointed out in his post, if you are currently logged into the box via ssh, you have to take extra pains to bring sshd to a full stop then restart it. An ordinary /etc/init.d/sshd restart won't cut it.

This does not seem to be related to the e2fsprogs ss com_err fiasco. It just took place at the same time.
_________________
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/17.1/desktop (stable), OpenRC, -systemd -pulseaudio -uefi
Back to top
View user's profile Send private message
reillyeon
n00b
n00b


Joined: 26 Mar 2003
Posts: 44
Location: Boston (ish)

PostPosted: Thu Nov 20, 2008 3:48 pm    Post subject: Reply with quote

Ok, thanks. That fixed the double "Last login:" message but it's still creating two entries that I see when I run "last". Any ideas?
_________________
Linux user #309501
Back to top
View user's profile Send private message
qriff
n00b
n00b


Joined: 04 Dec 2003
Posts: 73

PostPosted: Thu Nov 20, 2008 7:29 pm    Post subject: Reply with quote

That did not fix anything, you changed the symptom of the same bug.

Just the mere definition of a setting named "PrintLastLog" is that when set to "Yes" there is a print of the last login, and vice versa.
Technically, setting "PrintLastLog" to "No" and still getting a print would be considered another bug.

Typical Gentoo ricing, anything that just hides anomalies is presented as a solution.
Back to top
View user's profile Send private message
eaglex
n00b
n00b


Joined: 03 Dec 2005
Posts: 15

PostPosted: Thu Nov 20, 2008 10:47 pm    Post subject: Reply with quote

This can be fixed by commenting out:
Code:
session                optional        pam_lastlog.so

from /etc/pam.d/system-login.

And for those wondering:
Quote:
pam_lastlog is a PAM module to display a line of information about the last login of the user. In addition, the module maintains the /var/log/lastlog file.

Some applications may perform this function themselves. In such cases, this module is not necessary.
Back to top
View user's profile Send private message
zeek
Guru
Guru


Joined: 16 Nov 2002
Posts: 480
Location: Bantayan Island

PostPosted: Fri Nov 21, 2008 4:11 am    Post subject: Reply with quote

eaglex wrote:
This can be fixed by commenting out:
Code:
session                optional        pam_lastlog.so

from /etc/pam.d/system-login.


That effects everything that uses system-login, which I believe includes console logins. IOW, console logins will no longer add a line to wtmp (lastlog). Its better to edit /etc/pam.d/sshd instead to limit any potential side effects. See the bug report:

https://bugs.gentoo.org/show_bug.cgi?id=244816#c5
Back to top
View user's profile Send private message
qriff
n00b
n00b


Joined: 04 Dec 2003
Posts: 73

PostPosted: Sat Nov 22, 2008 6:00 am    Post subject: Reply with quote

Now there are some real theories and fixes.
Thank you eaglex and zeek
Back to top
View user's profile Send private message
bunder
Bodhisattva
Bodhisattva


Joined: 10 Apr 2004
Posts: 5934

PostPosted: Sat Nov 22, 2008 10:49 am    Post subject: Reply with quote

Quote:
This changed the login message behavior noted by all of you. The solution to change PrintLastLog to no in etc/ssh/sshd_config made the desired correction.


didn't work here. masked =net-misc/openssh-5.1_p1-r1 on every single machine i own until they figure this crap out. :evil:
_________________
Neddyseagoon wrote:
The problem with leaving is that you can only do it once and it reduces your influence.

banned from #gentoo since sept 2017
Back to top
View user's profile Send private message
eaglex
n00b
n00b


Joined: 03 Dec 2005
Posts: 15

PostPosted: Sat Nov 22, 2008 12:44 pm    Post subject: Reply with quote

zeek wrote:
IOW, console logins will no longer add a line to wtmp (lastlog).


Works for me.

Code:
$ last -1
eaglex   tty1                          Sat Nov 22 14:42 - 14:42  (00:00)


But you are right, it is better to double-check / modify only what bugs you.
Back to top
View user's profile Send private message
qriff
n00b
n00b


Joined: 04 Dec 2003
Posts: 73

PostPosted: Fri Nov 28, 2008 7:38 pm    Post subject: Reply with quote

Nowdays default /etc/pam.d/sshd uses only system-remote-login.

Code:
auth       include      system-remote-login
account    include      system-remote-login
password   include      system-remote-login
session    include      system-remote-login
Back to top
View user's profile Send private message
ArNiS
n00b
n00b


Joined: 06 Dec 2005
Posts: 63
Location: Saint-Petersburg, Russia

PostPosted: Sun Dec 07, 2008 11:06 pm    Post subject: Reply with quote

I have got the same problem with double motd message after openssh update. It was successfully healed by commenting out

#session optional pam_motd.so motd=/etc/motd

in /etc/pam.d/system-login
_________________
Today is the first day of the remained life
Back to top
View user's profile Send private message
bunder
Bodhisattva
Bodhisattva


Joined: 10 Apr 2004
Posts: 5934

PostPosted: Mon Dec 08, 2008 11:06 am    Post subject: Reply with quote

ArNiS wrote:
I have got the same problem with double motd message after openssh update. It was successfully healed by commenting out

#session optional pam_motd.so motd=/etc/motd

in /etc/pam.d/system-login


does that have any effect on local logins? or logins that use pam, other than ssh?

thanks
_________________
Neddyseagoon wrote:
The problem with leaving is that you can only do it once and it reduces your influence.

banned from #gentoo since sept 2017
Back to top
View user's profile Send private message
xtz
Apprentice
Apprentice


Joined: 29 Oct 2007
Posts: 181
Location: Singapore

PostPosted: Mon Dec 08, 2008 7:30 pm    Post subject: Reply with quote

If you don't use pam, the issue with the double-message does not appear. The problem is occuring only if openssh is compiled with 'pam' included in the USE flags.
Back to top
View user's profile Send private message
ArNiS
n00b
n00b


Joined: 06 Dec 2005
Posts: 63
Location: Saint-Petersburg, Russia

PostPosted: Tue Dec 09, 2008 2:48 pm    Post subject: Reply with quote

bunder wrote:


does that have any effect on local logins? or logins that use pam, other than ssh?

thanks


Actually pam_motd.so is optional module. Doesn't seem like it have any effect on any other things except "message of the day"
_________________
Today is the first day of the remained life
Back to top
View user's profile Send private message
the_g_cat
Tux's lil' helper
Tux's lil' helper


Joined: 31 Mar 2004
Posts: 117
Location: Dortmund - Germany

PostPosted: Wed Dec 17, 2008 10:23 am    Post subject: Reply with quote

I don't know if some people are still hitting this "bug", but I had a little different approach: instead of changing the PAM configuration in system-login (which in my eyes is too deep-going a measure to just adjust some stuff for sshd), I copied the 5 session lines out of it and copied them in the sshd PAM file and commented the lines causing the double login.

The Only file I changed is /etc/pam.d/sshd to:
Code:
# cat /etc/pam.d/sshd
auth       include      system-remote-login
account    include      system-remote-login
password   include      system-remote-login
#session           include      system-remote-login

session         required        pam_env.so
#session         optional        pam_lastlog.so
session         include         system-auth
#session         optional        pam_motd.so motd=/etc/motd
session         optional        pam_mail.so


This solves the double lastlog message, the double motd (if present) and the double entry in wtmp, leaving only the one with the tty (as opposed to the one with the process name set by pam).

Please be aware though, that any change to the session settings in system-remote-login or system-login will not be included in the sshd PAM config.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum