[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sarge: Lost # of failed logins

On Thu, Jul 26, 2007 at 05:52:00PM -0600, Bob Proulx wrote:
> Florian Kulzer wrote:
> > I have been using Debian for about 5 years now. As far as I remember, it
> > always had the "n failure(s) since last login" message (if n was greater
> > than zero).
> I have never seen that message.

it works reliably on this particular up-to-date sid box, shows the
proper number of failures. I think it must come from login, but I
can't see what might cause to happen or not.

> > I never had to do anything to set it up, therefore I
> > unfortunately don't know exactly how it works. My best guess is that it
> > involves some PAM modules which parse /var/log/faillog and/or use the
> > "faillog" command. Maybe this link helps to track it down:
> I always have a ~/.hushlogin.  When I remove it I still never see
> failures.  I see this instead:
>   Last login: Thu Jul 26 17:32:14 2007 from dementia.proulx.com
> If you create a .hushlogin file for you does your login failure
> message at login go away?
>   touch ~/.hushlogin

I see _nothing_ with a ~/.hushlogin and everything: motd, Last login,
failures etc, without ~/.hushlogin

> The sshd uses the presence of .hushlogin to silence the banner.  In
> the sshd man page:
>   1.  If the login is on a tty, and no command has been specified,
>       prints last login time and /etc/motd (unless prevented in the
>       configuration file or by $HOME/.hushlogin; see the FILES section).

I do _not_ get this message over ssh, so it must come from that pair
-- login or getty...


Attachment: signature.asc
Description: Digital signature

Reply to: