From: jaeger@mmf-research.de   
      
   This is a multi-part message in MIME format.   
   In my opinion, this bug deserves more attention, as it might be relevant   
   for security:   
      
   If configured with "PrintLastLog yes" (the default), openssh-server   
   checks /var/log/lastlog. It prints a *LastLogin: Date from IP* message   
   in the post-login banner. Deprecation of lastlog functionality in Debian   
   13 Trixie effectively disables the LastLogin notice. Discussion should   
   focus around the functionality, i.e. whether or not future   
   openssh-server editions should *provide an option to display the last   
   login in the banner*. The option name *PrintLastLog *refers to its   
   implementation (i.e. inspection of /var/log/lastlog), which is   
   unfortunate. If the functionality was to be continued, it should be   
   renamed to *PrintLastLogin *(or similar). But most importantly, it would   
   have to find another source of information, like the journal.   
      
   Therefore, I believe that *countless workaround proposals *found on the   
   internet *hide rather than address the problem*. Creating an empty   
   /var/log/lastlog might keep openssh-server quiet about not finding the   
   file, but it surely will not supply any information about the last user   
   login. The same ist true for attempts to stop those messages from   
   appearing in the journal.   
      
   Andreas   
      
      
      
        
      
          
        
        
       
In my opinion, this bug deserves more attention, as it might be   
         relevant for security:
   
       
If configured with "PrintLastLog yes" (the default),   
         openssh-server checks /var/log/lastlog. It prints a LastLogin:   
           Date from IP message in the post-login banner. Deprecation   
         of lastlog functionality in Debian 13 Trixie effectively disables   
         the LastLogin notice. Discussion should focus around the   
         functionality, i.e. whether or not future openssh-server editions   
         should provide an option to display the last login in the   
           banner. The option name PrintLastLog refers to its   
         implementation (i.e. inspection of /var/log/lastlog), which is   
         unfortunate. If the functionality was to be continued, it should   
         be renamed to PrintLastLogin (or similar). But most   
         importantly, it would have to find another source of information,   
         like the journal.
   
       
Therefore, I believe that countless workaround proposals found   
         on the internet hide rather than address the problem.   
         Creating an empty /var/log/lastlog might keep openssh-server quiet   
         about not finding the file, but it surely will not supply any   
         information about the last user login. The same ist true for   
         attempts to stop those messages from appearing in the journal. 
   
       
Andreas
   
        
      
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)