-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
rhel-8.10.z
-
None
-
Yes
-
Critical
-
rhel-idm-zta
-
ssg_idm
-
None
-
False
-
False
-
-
None
-
None
-
None
-
None
-
-
All
-
None
What is the impact of this issue to you?
Security problem. Not able to track successful local logins
Please provide the package NVR for which the bug is seen:
pam-1.3.1-36.el8_10.x86_64
How reproducible is this bug?:
Always
Steps to reproduce
1. ssh user@localhost
Expected results
Jan 24 10:53:04 rhel8 sshd[63959]: Accepted keyboard-interactive/pam for root from 127.0.0.1 port 46476 ssh2
Jan 24 10:53:04 rhel8 sshd[63959]: pam_unix(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 user=root
Jan 24 10:53:04 rhel8 sshd[63959]: pam_unix(sshd:session): session opened for user root by (uid=0)
Actual results
Jan 24 10:53:04 rhel8 sshd[63959]: Accepted keyboard-interactive/pam for root from 127.0.0.1 port 46476 ssh2
Jan 24 10:53:04 rhel8 sshd[63959]: pam_unix(sshd:session): session opened for user root by (uid=0)
If using a external user it does show this
Jan 24 10:55:19 rhel8 sshd[64017]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 user=admin
Jan 24 10:55:19 rhel8 sshd[64015]: Accepted keyboard-interactive/pam for admin from 127.0.0.1 port 34902 ssh2
Jan 24 10:55:20 rhel8 systemd[64024]: pam_unix(systemd-user:session): session opened for user admin by (uid=0)
Jan 24 10:55:20 rhel8 sshd[64015]: pam_unix(sshd:session): session opened for user admin by (uid=0)