The information in my previous mail is partly incorrect. Further tests
with freshly installed Trixie machines show the following behaviour.
0. In the initial Debian Trixie image provided by my ISP liblastlog2-2
is installed (via util-linux).
1. As long as /var/log/lastlog does not exist, sshd-session logs an INFO
(Level 6) complaint in the journal. In my case, it is actually logged
twice per login. No last login message appears in the post-login banner
of interactive SSH user sessions.
2. sudo touch /var/log/lastlog creates the missing file. From that point
onward, this file is somehow updated, containing valid data. The last
login message appears normally in the post-login banner. Furthermore, it
is configurable via PrintLastLog (yes/no).
3. Installing lastlog2 via apt (with automatic dependencies
libpam-lastlog2 libpam-wtmpdb logrotate wtmpdb) modifies the the
behaviour. Now, the last login message in the post-login banner is
placed above the /etc/motd content. And it is placed there even with
PrintLastLog no. That is to say, this switch appears to be corrupted in
this scenario.
Hope that helps to clarify things
Andreas
