Originally posted by: brinaw
Hello. I've just hit this one too, on separate AIX 5.3 systems, one at TL06 and the other is a freshly installed ML4 system. I'm using OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006 (IBM versions off the CDs). I've not tried switching to SSH 4.7 yet - looking forward to getting the IBM version of that.
I ran sshd in debug mode and saw the error "Attempt to write login records by non-root user (aborting)" when a session tried to login using SSH under a non-privileged account. The error doesn't appear if I use SSH to log into root. Neither SSH session appears to log anything to wtmp or utmp. Hence who reports nothing, and "who am i" in the sessions reports just the username and login terminal, but no date or source for the login.
I've tried changing the sshd_config to set "UsePrivilegeSeparation no" but this didn't fix it. I've seen other discussions and checked all file permissions are correct.
Now I'm stuck since our auditors won't be impressed if no SSH logins get recorded. May need to add some home-made audit logging code in /etc/profile if I can't get SSHD to do it.
Has anyone else got any more info on this?
Cheers
#AIX-Forum