On Wed, May 10, 2006 at 07:46:20AM +0300, Jari Aalto wrote: > | severity 366541 wishlist > | thanks > | > | On Tue, May 09, 2006 at 06:30:00PM +0300, Jari Aalto wrote: > | > Package: openssh-server > | > Version: 1:4.2p1-8 > | > Severity: normal > | > Tags: security > | > > | > The /etc/passwd contains entry: > | > > | > sshd:x:101:65534::/var/run/sshd:/bin/false > | > > | > SUGGESTION > | > > | > The new login package includes /bin/nologin wich would be more secure, > | > because it leaves trace to syslog after login attemps. > | I think it has the same functional effect: > | May 9 12:46:31 andromeda nologin: Attempted login by pryzbyj on > /dev/pts/2 > | May 9 12:47:34 andromeda login[6063]: FAILED LOGIN (1) on `tty1' FOR > `sshd', Authentication failure > | May 9 12:49:31 andromeda login[25987]: FAILED LOGIN (1) on `tty1' FOR > `sshd', Authentication failure > > Not at all. The nologin records the account that ws used to "crack in". I was unclear. The first of those lines was when I ran /usr/sbin/nologin (note that the path is different from what you suggest) from the shell of an authenticated account.
The other 2 lines are the same, since the shell is never even run; I guess that this is a request for logging, in the accidental case that the shell *is* run? Justin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
