You are not logged in.

Pages: 1

#1 2025-10-26 03:02:16

zahreela_saanp
Member
Registered: 2025-06-22
Posts: 8

Incorrect last login IP in SSH sessions

I have 3 systems:

10.69.69.100 - pc-ubuntu
10.69.69.101 - pc-arch
10.69.69.102 - laptop-arch

I have installed OpenSSH via `core/openssh 10.2p1-2` on `pc-arch` and `laptop-arch`

This is what my configuration looks like on both Arch systems:

$ cat /etc/pam.d/sshd
#%PAM-1.0

auth      include   system-remote-login
account   include   system-remote-login
password  include   system-remote-login
session   include   system-remote-login
session   include   postlogin

$ cat /etc/pam.d/postlogin
#%PAM-1.0
session optional pam_lastlog2.so

The problem:
1. I login using SSH to pc-arch from pc-ubuntu and logout.
2. I login using SSH to pc-arch from laptop-arch

Expected:

Last Login from 10.69.69.100

Observed:

Last login: Sun Oct 26 08:20:07 IST 2025 from 10.69.69.102 on ssh

It appears that the Last Login is printing the IP of the machine that is currently opening the SSH session which is wrong.
Is there something wrong with the sequence of my configuration?

I tried setting `PrintLastLog yes` in `/etc/ssh/sshd_config.d/zz-last-login.conf` but I get the following error so I just removed it.

sshd-session[563363]: /etc/ssh/sshd_config.d/zz-last-login.conf line 1: Unsupported option PrintLastLog [preauth]

Last edited by zahreela_saanp (2025-10-26 03:03:04)

Offline

#2 2025-10-26 03:37:10

zahreela_saanp
Member
Registered: 2025-06-22
Posts: 8

Re: Incorrect last login IP in SSH sessions

I was able to solve this by following the PAM inclusion chain.

`/etc/pam.d/sshd` -> `/etc/pam.d/system-remote-login` -> `/etc/pam.d/system-login`

$ cat /etc/pam.d/system-login
...
session    optional   pam_lastlog2.so      silent
...

I removed `/etc/pam.d/postlogin` completely and replaced the above configuration with:

$ cat /etc/pam.d/system-login
...
# session    optional   pam_lastlog2.so      silent
session    optional   pam_lastlog2.so
...

The only thing I am worried about now is hopefully these settings will persist across package/system upgrades.
I will leave the thread the open for now so I can get an answer for the persistent settings concern.

Last edited by zahreela_saanp (2025-10-26 03:47:14)

Offline

#3 2025-10-26 09:25:14

seth
Member
From: Won't reply 2 private help req
Registered: 2012-09-03
Posts: 75,086

Re: Incorrect last login IP in SSH sessions

Anything  containing /etc/pam.d/postlogin would restore that file but you'll in doubt get a .pacsave for the deviating update, see pacdiff
Also see https://man.archlinux.org/man/pam_lastlog2.8#EXAMPLES (unfortunately it doesn't seem possible to invert the flag to limit it to remote-login

Alternatively you could change system-remote-login to instead of just "session include system-login" replicate the config there w/ the altered lastlog2 parameter.

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

Offline

Pages: 1

Board footer

Powered by FluxBB