I have hit the googles as much as I can on this, being specific to OS X, I am not finding an answer. Nothing is wrong, but curiosity levels are high.
$ssh
[email protected]
Password:
Last login: Wed Apr 7 21:28:03 2010 from my-laptop.local
^lonely tylenol^
Line 1 is my command
line 2 is the shell asking for the password
line 3 is where my question comes from
line 4 comes out of /etc/motd
I can find nothing in ~/ of an of the .bash* files that contains the string "Last Login", and would like to alter it. It performs some type of hostname lookup, which I can not determine.
If I ssh to another host:
$ssh
[email protected]
Last login: Wed Apr 7 21:14:51 2010 from 123-234-321-123-some.cal.isp.net.example
hi there, you are on box 456
line 1 is my command
line 2 is again, where my question comes from
line 3 is from /etc/motd
*The dash'd
IP address is not reversed
On this remote host, I have ~/.ssh and it's corresponding keys set up, so there was no password request
Where is the "Last Login:" coming from, where does the date stamp come from, and most importantly, where does the hostname come from?
While on
[email protected] (box 456)
$echo hostname
remote.location.example456.com
Or with dig, to make sure I have rDNS/PTR set up, for which I am not authoritative, but my ISP has correctly set...
$dig -x 123.234.321.123 PTR remote.location.example456.com
or
$dig PTR 123.321.234.123.in-addr.arpa. +short
remote.location.example456.com.
my previous hostname used to be 123-234-321-123-some.cal.isp.net.example, which I set with hostname -s remote.location.example456.com, because it was obnoxious to see such a long name. That solves the value of $echo hostname which now returns remote.location.example456.com.
Mac OS X, 10.6 is this case, does seem to honor:
touch ~/.hushlogin
If leave that file empty, I get nothing on the shell when I login. I want to know what controls the host resolution of the
IP, and how it is all working. For example, running last reports a huge list of my logins, which have obtusely long hostnames, when they would be preferable to just be remote.location.example456.com.
More confusing to me, reading the man page for wtmp and lastlog, it looks like lastlog is not used on OS X, /var/log/lastlog does not exist. Actually, none of these exist on 10.5 or 10.6:
/var/run/utmp The utmp file.
/var/log/wtmp The wtmp file.
/var/log/lastlog The lastlog file.
If I am to assume that the system is doing some kind of reverse lookup, I certainly do not know what it is, as it is not an accurate one.
