"Last login" message

Nerius Landys nlandys at gmail.com
Sat Dec 5 05:21:36 UTC 2009


OK, I did some digging.  Setting sshd_flags="-u 32" actually didn't
change anything (and of course restarting sshd).

I did have a look at this file though:

  /var/log/lastlog

And I noticed that the truncated hostname is stored in that file.  You
can do a "man lastlog" or "man utmp" and it will indeed tell you that
pam_lastlog does the writing to this file.

No hint as to the truncation however.

I did do an experiment by logging in from 2 different hosts which both
have valid reverse IP lookups.

root@speedy# dig 249.164.240.216.in-addr.arpa PTR

; <<>> DiG 9.4.2-P2 <<>> 249.164.240.216.in-addr.arpa PTR
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49800
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;249.164.240.216.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
249.164.240.216.in-addr.arpa. 2500 IN	PTR	roadrunner.metaflex.com.

;; AUTHORITY SECTION:
164.240.216.in-addr.arpa. 2500	IN	NS	ns2.tiora.net.
164.240.216.in-addr.arpa. 2500	IN	NS	ns.tiora.net.

;; ADDITIONAL SECTION:
ns2.tiora.net.		142262	IN	A	216.240.164.132
ns.tiora.net.		142262	IN	A	216.240.164.131

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Dec  4 21:17:17 2009
;; MSG SIZE  rcvd: 159



and this one:

root@speedy# dig 169.192.156.64.in-addr.arpa PTR

; <<>> DiG 9.4.2-P2 <<>> 169.192.156.64.in-addr.arpa PTR
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12860
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;169.192.156.64.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
169.192.156.64.in-addr.arpa. 50462 IN	PTR	daffy.nerius.com.

;; AUTHORITY SECTION:
192.156.64.in-addr.arpa. 50462	IN	NS	ns2.m5hosting.com.
192.156.64.in-addr.arpa. 50462	IN	NS	ns3.m5hosting.com.

;; ADDITIONAL SECTION:
ns3.m5hosting.com.	136862	IN	A	209.216.230.5
ns2.m5hosting.com.	136862	IN	A	209.216.206.167

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Dec  4 21:18:09 2009
;; MSG SIZE  rcvd: 153


Strange thing is, when I log in to speedy from daffy.nerius.com, it
logs the truncated hostname in /var/log/lastlog.  When I log in to
speedy from roadrunner.metaflex.com, it logs only the IP address in
/var/log/lastlog.
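
An added example, not part of the original post: one way to read the host field of lastlog records directly when checking what was stored for a login. The record layout (little-endian int32 time, 8-byte line, 16-byte host, one record per uid) is an assumption based on the classic BSD utmp.h and is not stated in the message; the sample bytes and names are constructed.

```python
import struct
from datetime import datetime, timezone

# Assumed layout (classic BSD utmp.h, not given in the post):
#   int32 ll_time; char ll_line[8]; char ll_host[16]; record index == uid
UT_LINESIZE, UT_HOSTSIZE = 8, 16
REC = struct.Struct(f"<i{UT_LINESIZE}s{UT_HOSTSIZE}s")


def _cstr(raw):
    # Fields are NUL-padded; a value that fills the field has no terminator.
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_lastlog(blob):
    """Yield one dict per uid that has a recorded login."""
    for uid in range(len(blob) // REC.size):
        ts, line, host = REC.unpack_from(blob, uid * REC.size)
        if ts == 0:  # all-zero slot: this uid has never logged in
            continue
        yield {
            "uid": uid,
            "time": datetime.fromtimestamp(ts, timezone.utc),
            "line": _cstr(line),
            "host": _cstr(host),
            # No NUL left in the field: the stored value may be cut short,
            # so compare it against the sshd entries in the auth log.
            "host_fills_field": b"\0" not in host,
        }


def make_record(ts, line, host):
    # struct's "Ns" format NUL-pads short values and cuts long ones to N bytes,
    # which mimics writing into a fixed-width field.
    return REC.pack(ts, line.encode(), host.encode())


# Constructed sample: uid 0 never logged in, uid 1 from an IP address,
# uid 2 from a hostname longer than the host field.
SAMPLE = (
    make_record(0, "", "")
    + make_record(1259961456, "ttyp0", "192.0.2.10")
    + make_record(1259961500, "ttyp1", "host-with-a-long-name.example.org")
)

if __name__ == "__main__":
    for rec in parse_lastlog(SAMPLE):
        print(rec)
```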


More information about the freebsd-questions mailing list