Re: ssh 4.x using aix 5.3 auditing

[Ryan Robertson <r3r2@yahoo.com>]

I'm still a bit confused as to how control-d is interpreted in ssh vs telnet.  
The only thing I can figure is that telnet traps control-d as User_Exit or 
USER_Logout and ssh interprets it as EOF.  If EOF is triggered, then the 
auditing subsystem doesnt care.

The 'logout' command is only affected if you are NOT logged into the console.
====================
test_citi:/root # grep UseLogin /usr/etc/sshd_config
UseLogin no
test_citi:/root # tty
/dev/pts/0
test_citi:/root # logout
3004-065 You must be on the login terminal.
test_citi:/root #
======================

test_citi:/root # grep UseLogin /usr/etc/sshd_config
UseLogin no
test_citi:/root # tty
/dev/vty0
test_citi:/root # logout

=============

In order to trigger the auditing subsystem, I have to do the following:
add 'set -o ignoreeof'' in /etc/profile
change UseLogin to "yes".  this is due to the tty issue listed above.

-Thanks,
Ryan





 
____________________________________________________________________________________
Want to start your own business?
Learn how on Yahoo! Small Business.
http://smallbusiness.yahoo.com/r-index
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev