How to Enable Last Login Information for SFTP chroot and non-chroot users


In this guide, we are looking into a PAM implementation. By default, SFTP chroot and non-chroot users last login information will not be saved, To get the same we need to configure the PAM.

While the security team looks for each and every log from our server it’s system admin responsible to implement the logging system, This guide applies for both RHEL 6 & 7 based operating systems.

Enabling last log information for SFTP users in Red Hat Enterprise Linux and variants.

Step: 1

Before starting with implementing PAM let us verify whether pam module enabled and PAM support enabled in sshd_config using a simple grep.

# grep "pam_lastlog" /etc/pam.d/sshd
# grep "UsePAM" /etc/ssh/sshd_config

Edit and configure the PAM settings to “Yes” in SSHD configuration to start using PAM.

# vi /etc/ssh/sshd_config
Step 3:

Enable by adding in the first line of the session section above the SELinux.

# vi /etc/pam.d/sshd

Add only the first line which contains

session required  # Append with only this line.
session required close
session required

Step 4:

Restart the SSHD service and check for the status.

# systemctl restart sshd
# systemctl status sshd

Finally, the last log will start to log all SFTP chroot user and non-chroot user log-in information under the wtmp file.

# lastlog

That’s it, We have managed to enable last log information for SFTP Chroot and non-chroot users.

Provide your feedback in below comment section we are looking forward to hearing something from you.


Leave a Reply

Your email address will not be published. Required fields are marked *