Scot P. Floess wrote:
I am running Fedora Core 5 on a dual PIII 450 Mhz machine, 1 GB of RAM,
and OpensSSH_4.3p2/Open SSL 0.9.8a...
I am experiencing odd timestamps generated from sshd. Basically
whenever someone tries to login via ssh I see timestamps for the current
time and then for a few hours before and then current time again. For
instance, here is a sample from /var/log/messages (disregard the
ellipses as I chopped out the usernames/ip addresses):
Oct 23 08:57:26 adminserver sshd[19422]: Failed password for invalid
user ... ssh2
Oct 23 *04:57:30* adminserver sshd[19423]: Failed password for invalid
user ... ssh2
Oct 23 08:57:30 adminserver sshd[19424]: Failed password for invalid
user ... ssh2
Oct 23 *04:57:34* adminserver sshd[19425]: Failed password for invalid
user ... ssh2
Oct 23 08:57:34 adminserver sshd[19426]: Failed password for invalid
user ... ssh2
Two things here:
1) there's two sets of messages because the privilege separation monitor
and slave both log this message (that's fixed in 4.4p1, only the monitor
will log it).
2) the times are offset from what you expect because in the slave, libc
doesn't know how to convert UTC into your local time (it has the TZ
environment variable, but because it's chrooted it can't read
/etc/localtime to know what to do with it) so it logs in UTC.
You can work around that by copying /etc/localtime to an etc the chroot
that the slave uses (/var/empty for the vanilla source, the copy would
be /var/empty/etc/localtime).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
