sshd not appending to /var/log/btmp
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssh (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Precise |
Fix Released
|
Medium
|
Unassigned | ||
Saucy |
Fix Released
|
Medium
|
Unassigned | ||
Trusty |
Fix Released
|
Medium
|
Unassigned |
Bug Description
SRU justification :
btmp logging had been removed in Debian a while ago due to protection to the /var/log/btmp file. This restriction is no longer true so it has been re-enabled on Debian.
Impact :
Failure to login using ssh will be recorded in /var/log/btmp.
Fix :
Change compilation time option
Test Case :
$ ssh badname@localhost # hit 'enter' three times to fail logging in.
$ sudo lastb
Expected outcome:
"lastb" reports something similar to:
"badname ssh:pts/1 localhost Sun Mar 27 17:01 - 17:01 (04:00)"
just as it does when a bad login attempt is made using /bin/login, or when using sshd on other distributions of linux (CentOS, Fedora, Arch, SUSE, ...etc)
Actual outcome
No mention of a bad login attempt in lastb output; /var/log/btmp modify time and byte size is unchanged.
Regression :
None expected, this used to be the default before it got disabled.
Original description of the problem :
Steps to reproduce:
$ ssh badname@localhost # hit 'enter' three times to fail logging in.
$ sudo lastb
Expected outcome:
"lastb" reports something similar to:
"badname ssh:pts/1 localhost Sun Mar 27 17:01 - 17:01 (04:00)"
just as it does when a bad login attempt is made using /bin/login, or when using sshd on other distributions of linux (CentOS, Fedora, Arch, SUSE, ...etc)
Actual outcome
No mention of a bad login attempt in lastb output; /var/log/btmp modify time and byte size is unchanged.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: openssh-server 1:5.3p1-3ubuntu6
Uname: Linux 2.6.18-
Architecture: amd64
Date: Sun Mar 27 16:40:55 2011
ProcEnviron:
LANGUAGE=
LC_CTYPE=C
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: openssh
description: | updated |
Changed in openssh (Ubuntu Saucy): | |
assignee: | nobody → Louis Bouchard (louis-bouchard) |
Changed in openssh (Ubuntu Precise): | |
assignee: | nobody → Louis Bouchard (louis-bouchard) |
Changed in openssh (Ubuntu Saucy): | |
importance: | Undecided → Medium |
Changed in openssh (Ubuntu Precise): | |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in openssh (Ubuntu Saucy): | |
status: | New → In Progress |
Changed in openssh (Ubuntu Trusty): | |
status: | Confirmed → Fix Released |
Changed in openssh (Ubuntu): | |
assignee: | Louis Bouchard (louis-bouchard) → nobody |
Changed in openssh (Ubuntu Saucy): | |
assignee: | Louis Bouchard (louis-bouchard) → nobody |
Changed in openssh (Ubuntu Precise): | |
assignee: | Louis Bouchard (louis-bouchard) → nobody |
Changed in openssh (Ubuntu Trusty): | |
assignee: | Louis Bouchard (louis-bouchard) → nobody |
A known quirk of sshd in other distros is that sshd will refuse to write to world- or group-readable /var/log/btmp. The fix for this is 'chmod 0600 /var/log/btmp'.
Ubuntu Linux installs /var/log/btmp with permissions 0660 (aka -rw-rw----). I already changed permissions to 0600 (aka -rw-------) and /var/log/btmp is still unaffected by bad login attempts via sshd.