20

I would like to edit the Last login: information that is printed out along with the message of the day, yet I can't find the script which generates and echoes it out.

Where is it defined, in an easy-to-edit shell script, or closed off in a binary?


Note, this is different from ServerFault: How can I edit the welcome message when ssh start?. The "last login" information is not printed out from inside /etc/update-motd.d/, but is instead defined by setting the PrintLastLog flag, and can therefore not be edited like the other parts of the message of the day.

IQAndreas
  • 1,640

4 Answers

19

Looks like the format of the printed line is compiled into sshd:

[me@risby ~]$ ssh lory
Last login: Fri May 23 10:59:01 2014 from 2a01:2c0:e:300:7271:bcff:feac:445a
[me@lory ~]$ strings /usr/sbin/sshd | grep -i "last login"
Last login: %s
Last login: %s from %s

I can't see any config option for changing that either, so you will need to edit the source and recompile.

Edit: In the limiting case, you can find source at http://www.openssh.org. But you don't tell us that you're using OpenSSH, or anything about your platform, so it's hard to be more specific. If it's a Linux system, you would do much better to get the source appropriate to your distro in the usual way, and recompile through your distro-specific mechanisms.

But really, you shouldn't do this at all unless you have an extremely-compelling business reason to do so: you're making a maintenance nightmare for yourself, going to a hand-compiled version of a security-sensitive package.

MadHatter
  • 81,580
6

The last login information is stored in /var/log/wtmp or /var/log/utmp; they are binary files. Without looking at the source code for sshd I can't be entirely sure, but I would expect that it is retrieving the information from those files using suitable system calls.

It seems unlikely you'll find a way to easily change this information; it is, after all, part of the user's security.


If you really want the gory details, then you need to look at the source code for the function login_get_lastlog, which can be found in loginrec.c.

user9517
  • 117,122
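The binary record format the answer above refers to, as an added example (not part of any answer and not OpenSSH's code): a reader for wtmp-style records that rebuilds the `Last login: %s from %s` line for auditing. It assumes the 384-byte Linux/glibc `struct utmp` layout and formats times in UTC; the function names and sample records are constructed for illustration.

```python
import struct
import time

# Assumed layout: Linux/glibc x86_64 `struct utmp`, 384 bytes per record.
# Other platforms use different field sizes.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20x")
USER_PROCESS = 7  # ut_type of a normal login record

def _cstr(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_wtmp(data):
    """Yield (type, user, line, host, epoch_seconds) for each whole record."""
    usable = len(data) - len(data) % UTMP.size  # ignore a truncated tail
    for off in range(0, usable, UTMP.size):
        (ut_type, _pid, line, _id, user, host,
         _term, _exit, _sess, sec, _usec, _addr) = UTMP.unpack_from(data, off)
        yield ut_type, _cstr(user), _cstr(line), _cstr(host), sec

def last_login_line(data, user):
    """Rebuild the banner text from the newest login record for `user`."""
    logins = [r for r in parse_wtmp(data) if r[0] == USER_PROCESS and r[1] == user]
    if not logins:
        return None
    _, _, _, host, sec = max(logins, key=lambda r: r[4])
    when = time.strftime("%a %b %d %H:%M:%S %Y", time.gmtime(sec))  # UTC
    return f"Last login: {when} from {host}" if host else f"Last login: {when}"

def make_record(ut_type, user, line, host, sec):
    """Build one constructed record for the sample below."""
    return UTMP.pack(ut_type, 4242, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, sec, 0, b"")

# Constructed sample data, not taken from a real host.
SAMPLE = b"".join([
    make_record(7, "me", "pts/0", "2001:db8::10", 1400756400),
    make_record(7, "root", "tty1", "", 1400800000),
    make_record(8, "me", "pts/0", "", 1400760000),  # DEAD_PROCESS (logout)
    make_record(7, "me", "pts/1", "2001:db8::20", 1400842741),
]) + b"\x00" * 100  # simulated truncated trailing record

if __name__ == "__main__":
    print(last_login_line(SAMPLE, "me"))
```

On a real host the same records are what `last` and `lastlog` display, so this parser is only needed when working from a copied file.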
4

Another solution would be to clear the screen at the beginning of the motd file like so:

^[[H^[[2J
whatever was originally in the motd file here

Note: replace ^[ with the escape symbol (which you can create in the nano editor by pressing the following keys: esc+v+esc).

user514464
  • 41
  • 2
-2

Perhaps a workaround in case you just want to change the last login IP?

For example, you can change the shown IP address to "localhost" by logging in to ssh again from the remote-controlled machine!

Remote login via ssh >> ssh username@localhost

Now the last IP recorded will be localhost

caffeine
  • 113