Date: Fri, 4 Dec 2009 21:21:35 -0800
From: Nerius Landys <nlandys@gmail.com>
To: George Davidovich <freebsd@optimis.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: "Last login" message
Message-ID: <560f92640912042121o2d7fcb12v113db559d1c29b18@mail.gmail.com>
In-Reply-To: <20091204232629.GC18745@marvin.optimis.net>
References: <560f92640912031516r7519dbb9x32e236b90f2b6508@mail.gmail.com> <20091204232629.GC18745@marvin.optimis.net>

OK, I did some digging. Setting sshd_flags="-u 32" actually didn't change anything (and of course restarting sshd). I did have a look at this file though:

/var/log/lastlog

And I noticed that the truncated hostname is stored in that file. You can do a "man lastlog" or "man utmp" and it will indeed tell you that pam_lastlog does the writing to this file. No hint as to the truncation however.

I did do an experiment by logging in from 2 different hosts which both have valid reverse IP lookups.

root@speedy# dig 249.164.240.216.in-addr.arpa PTR

; <<>> DiG 9.4.2-P2 <<>> 249.164.240.216.in-addr.arpa PTR
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49800
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;249.164.240.216.in-addr.arpa. IN PTR

;; ANSWER SECTION:
249.164.240.216.in-addr.arpa. 2500 IN PTR roadrunner.metaflex.com.

;; AUTHORITY SECTION:
164.240.216.in-addr.arpa. 2500 IN NS ns2.tiora.net.
164.240.216.in-addr.arpa. 2500 IN NS ns.tiora.net.

;; ADDITIONAL SECTION:
ns2.tiora.net. 142262 IN A 216.240.164.132
ns.tiora.net. 142262 IN A 216.240.164.131

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Dec 4 21:17:17 2009
;; MSG SIZE rcvd: 159

and this one:

root@speedy# dig 169.192.156.64.in-addr.arpa PTR

; <<>> DiG 9.4.2-P2 <<>> 169.192.156.64.in-addr.arpa PTR
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12860
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;169.192.156.64.in-addr.arpa. IN PTR

;; ANSWER SECTION:
169.192.156.64.in-addr.arpa. 50462 IN PTR daffy.nerius.com.

;; AUTHORITY SECTION:
192.156.64.in-addr.arpa. 50462 IN NS ns2.m5hosting.com.
192.156.64.in-addr.arpa. 50462 IN NS ns3.m5hosting.com.

;; ADDITIONAL SECTION:
ns3.m5hosting.com. 136862 IN A 209.216.230.5
ns2.m5hosting.com. 136862 IN A 209.216.206.167

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Dec 4 21:18:09 2009
;; MSG SIZE rcvd: 153

Strange thing is, when I log in to speedy from daffy.nerius.com, it logs the truncated hostname in /var/log/lastlog. When I log in to speedy from roadrunner.metaflex.com, it logs only the IP address in /var/log/lastlog.
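
Added example, not part of the original message: a parser for /var/log/lastlog that shows where a fixed-width host field cuts long names, which matters when the file is read as login evidence. It assumes the FreeBSD 8-era <utmp.h> record layout (32-bit time, 8-byte line, 16-byte host, little-endian, one record per uid); the sample records and host names are constructed.

```python
import struct
from datetime import datetime, timezone

# Assumed layout: struct lastlog { int32_t ll_time; char ll_line[8]; char ll_host[16]; }
UT_LINESIZE = 8
UT_HOSTSIZE = 16
RECORD = struct.Struct("<i%ds%ds" % (UT_LINESIZE, UT_HOSTSIZE))  # 28 bytes


def pack_record(ts, line, host):
    """Build a record as a strncpy()-style writer would: over-long names are cut, no NUL added."""
    return RECORD.pack(ts, line.encode()[:UT_LINESIZE], host.encode()[:UT_HOSTSIZE])


def _text(field):
    """Fields are NUL-padded, but a completely full field has no terminator at all."""
    return field.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_lastlog(blob):
    """Return one dict per uid with a recorded login; the record index is the uid."""
    records = []
    for uid in range(len(blob) // RECORD.size):
        ts, line, host = RECORD.unpack_from(blob, uid * RECORD.size)
        if ts == 0:  # all-zero slot: this uid has never logged in
            continue
        records.append({
            "uid": uid,
            "time": datetime.fromtimestamp(ts, timezone.utc),
            "line": _text(line),
            "host": _text(host),
            # A full field is either an exact 16-character name or a cut-off longer one.
            "host_maybe_truncated": b"\0" not in host,
        })
    return records


def sample_blob():
    """Constructed sample: uid 0 never logged in, uids 1-3 did."""
    return (RECORD.pack(0, b"", b"")
            + pack_record(1259990000, "ttyp0", "build-host.example.org")  # 22 characters
            + pack_record(1259990100, "ttyp1", "abcd.example.org")        # exactly 16
            + pack_record(1259990200, "ttyp2", "192.0.2.10"))             # address, fits


if __name__ == "__main__":
    for rec in parse_lastlog(sample_blob()):
        print(rec["uid"], rec["time"].isoformat(), rec["line"], rec["host"],
              "(field full, may be truncated)" if rec["host_maybe_truncated"] else "")
```

A host value that fills all 16 bytes cannot be told apart from a longer name that was cut, so such entries need a second source (auth.log, for example) before they are used for attribution.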