<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12">
<TITLE>RE: [NTLUG:Discuss] ssh login</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>I appreciate the suggestion but root still shows to be logged in as well as the test one that I did with the tjdavis account.</FONT></P>
<P><FONT SIZE=2>T.J. Davis</FONT>
<BR><FONT SIZE=2>Southwestern A/G University</FONT>
<BR><FONT SIZE=2>Information Technology</FONT>
<BR><FONT SIZE=2>tjdavis@sagu.edu</FONT>
<BR><FONT SIZE=2>(972) 937-4010 ext. 1255</FONT>
<BR><FONT SIZE=2>1 Timothy 4:12</FONT>
</P>
<BR>
<BR>
<P><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: Kelledin [<A HREF="mailto:kelledin+NTLUG@skarpsey.dyndns.org">mailto:kelledin+NTLUG@skarpsey.dyndns.org</A>]</FONT>
<BR><FONT SIZE=2>Sent: Thursday, August 01, 2002 6:09 PM</FONT>
<BR><FONT SIZE=2>To: discuss@ntlug.org</FONT>
<BR><FONT SIZE=2>Subject: Re: [NTLUG:Discuss] ssh login</FONT>
</P>
<BR>
<P><FONT SIZE=2>On Thursday 01 August 2002 04:22 pm, TJ Davis wrote:</FONT>
<BR><FONT SIZE=2>> I am logged into ssh and everything is going good but I have</FONT>
<BR><FONT SIZE=2>> just setup this server and remember to go into sshd_config and</FONT>
<BR><FONT SIZE=2>> change PermitRootLogin to "no." After doing that I decided to</FONT>
<BR><FONT SIZE=2>> then restart the sshd daemon. This goes fine but, when I</FONT>
<BR><FONT SIZE=2>> logout the server has hung saying that root is logged in to</FONT>
<BR><FONT SIZE=2>> ssh. Even if I have the ssh daemon stopped it shows root to</FONT>
<BR><FONT SIZE=2>> be logged in still when I type "who" at the command prompt. </FONT>
<BR><FONT SIZE=2>> To test this I logged into ssh remotely as "tjdavis" and</FONT>
<BR><FONT SIZE=2>> killed the daemon while logged in. I went into the server</FONT>
<BR><FONT SIZE=2>> room and typed "who" and sure enough it shows tjdavis to still</FONT>
<BR><FONT SIZE=2>> be logged in. Anyone know how to fix this. I hope I made</FONT>
<BR><FONT SIZE=2>> sense. If you need clarification let me know.</FONT>
</P>
<P><FONT SIZE=2>Not completely sure about this, but IIRC "who" determines who's </FONT>
<BR><FONT SIZE=2>logged in by examining the system utmp file (usually /etc/utmp </FONT>
<BR><FONT SIZE=2>or /var/run/utmp). It's the responsibility of login programs to </FONT>
<BR><FONT SIZE=2>record login/logout events in this file. If you kill root's ssh </FONT>
<BR><FONT SIZE=2>session abruptly with kill -9, then chances are, root's logout </FONT>
<BR><FONT SIZE=2>didn't get noted in the utmp file.</FONT>
</P>
<P><FONT SIZE=2>First of all, stop the SSH service and type `pidof sshd` to make </FONT>
<BR><FONT SIZE=2>there are no running sshd processes. Then login as root, </FONT>
<BR><FONT SIZE=2>logout, and see if the problem goes away.</FONT>
</P>
<P><FONT SIZE=2>-- </FONT>
<BR><FONT SIZE=2>Kelledin</FONT>
<BR><FONT SIZE=2>"If a server crashes in a server farm and no one pings it, does </FONT>
<BR><FONT SIZE=2>it still cost four figures to fix?"</FONT>
</P>
<P><FONT SIZE=2>_______________________________________________</FONT>
<BR><FONT SIZE=2><A HREF="http://www.ntlug.org/mailman/listinfo/discuss" TARGET="_blank">http://www.ntlug.org/mailman/listinfo/discuss</A></FONT>
</P>
</BODY>
</HTML>