

How to show last login to user at login time

Posted on 2005-04-18
Medium Priority
Last Modified: 2012-05-05
Hi all,

As an audit point, I need to display the last time a user logged into a system each time that they log in. The servers in question run RHEL 3.

According to the man page for login, if the file .hushlogin exists, then a "quiet" login is performed (this disables the checking of mail and the printing of the last login time). I've double checked, and no file named .hushlogin exists.

I have tried uncommenting PrintLastLog yes in my sshd_config, but this has not solved the problem.
Question by:Anonymouslemming

Expert Comment

ID: 13805495
Reload sshd (killall -HUP sshd) with new config. Warning: this will close active connections. I've just tested that on my box and it worked all well :)


Expert Comment

ID: 13808147
> PrintLastLog yes in my sshd_config, but this has not solved the problem.
By default for RHEL3, "PrintLastLog yes" is set. So usually you don't need to do anything to get
login as: wesly
wesly@lnx-wesly's password:
Last login: Thu Apr 14 13:40:45 2005 from hello
Unless your .cshrc, .bashrc, .profile or .login have a command called "reset" or some commands refresh the
So rename those .bashrc (.profile, .cshrc, .login) files and try logging in again first.

Besides, any change in /etc/ssh/sshd_config needs a restart of sshd to take effect.
service sshd restart

Expert Comment

by:David Piniella
ID: 13818308
Also check /etc/profile or /etc/bashrc if they exist -- they may have the hush there or reference the various shell config files that wesley is talking about.


Author Comment

ID: 13819566
I have restarted sshd after making the change. I will check the other options tomorrow

Author Comment

ID: 13822601
I've tried a bunch of stuff today... Our sshd_config has the following unquoted entries:

Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin no
StrictModes yes
RhostsAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication yes
X11Forwarding yes
PrintLastLog yes
UsePrivilegeSeparation yes
Subsystem       sftp    /usr/libexec/openssh/sftp-server

I've actually done a service sshd stop; sleep 5 ; service sshd start on the console and this has still not solved the problem.

I'm comparing this to a fedora core machine where everything works, and with that exact config on the fedora machine, I get the last login printed.

I've grepped for hush and reset in /etc/bash*, /etc/profile*, ~/.bash* ~/.pro* ~/.lo* and not found anything.

Any further pointers ?

Expert Comment

ID: 13827250
Did you try logging in as a different user?

Expert Comment

by:David Piniella
ID: 13827297
grepping /etc/[bashrc profile] might not give you any real results since those are usually pointer files to a user's $HOME/.bashrc ....might want to
a) login as another user, as wesley suggests above
b) change the user's shell and try to login
c) copy the .bashrc/.profile/.bash_profile of a user that does get the output to the home dir of the user that doesn't

Author Comment

ID: 13828883
I've created a new user just using adduser and the behaviour is exactly the same. I've removed .bash*, .profile* and .login* (the last 2 didn't exist) and the problem still occurs.

The only thing I've _not_ done yet is try this on a different server. I will do that tomorrow and update this question.

Accepted Solution

macker- earned 1000 total points
ID: 13829985
This is non-standard behavior for RedHat ES.  Do you see the LastLogin info when signing on at console?

Try "last -n 2 username"; it should show your current login, as well as the previous login.  If it does not, then there's a problem with wtmp and/or other files.  Could even be a permissions issue.

Has there been any customization, security hardening, etc. to the server?

Assisted Solution

wesly_chen earned 1000 total points
ID: 13830986
Macker, good thought. Check the permission/size of /var/log/wtmp.
service syslog stop
mv /var/log/wtmp /var/log/wtmp.bak
touch /var/log/wtmp
service syslog start

Author Comment

ID: 13831950
last -n 2 myuser does show current and last login, yes.

We have run Bastille, which I hadn't even considered until now - I'll have a look into that as well - thanks for the pointer :)
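
The checks walked through in this thread (the effective PrintLastLog value, a .hushlogin file, and the state of wtmp) can be collected into one read-only report. This is an added example, not code posted by any participant; the function names are hypothetical, and it assumes whitespace-separated sshd_config keywords with no Match blocks.

```shell
#!/bin/sh
# Added example: read-only report of the settings discussed in this thread.

# Effective value of an sshd_config keyword: keywords are case-insensitive,
# '#' lines are comments, and the first occurrence of a keyword wins.
sshd_effective() {  # usage: sshd_effective KEYWORD CONFIG_FILE
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# State of a login record file such as /var/log/wtmp.
record_state() {  # usage: record_state FILE
    if [ ! -e "$1" ]; then echo missing
    elif [ ! -r "$1" ]; then echo unreadable
    elif [ ! -s "$1" ]; then echo empty
    else echo ok
    fi
}

lastlogin_report() {  # usage: lastlogin_report CONFIG HOME_DIR WTMP
    val=$(sshd_effective PrintLastLog "$1")
    case "$val" in
        yes|unset) echo "sshd: PrintLastLog on ($val; sshd defaults to yes)" ;;
        *)         echo "sshd: PrintLastLog off ($val)" ;;
    esac
    if [ -e "$2/.hushlogin" ]; then echo "hushlogin: present (quiet login)"
    else echo "hushlogin: absent"
    fi
    echo "wtmp: $(record_state "$3")"
}

# Demo on constructed files (not a real host's configuration).
# On a real host: lastlogin_report /etc/ssh/sshd_config "$HOME" /var/log/wtmp
demo=$(mktemp -d)
printf '%s\n' 'Protocol 2' '#PrintLastLog no' 'PrintLastLog yes' > "$demo/sshd_config"
: > "$demo/wtmp"
lastlogin_report "$demo/sshd_config" "$demo" "$demo/wtmp"
rm -rf "$demo"
```

The script only reads files, so it can be run on a server before and after a hardening tool to see which of the three settings changed.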


Question has a verified solution.
