lowaccess-controlverified ✓rollback-safe
Enable SSH PrintLastLog
ssh-print-last-log · RHEL ≥ 8 · 2 impls
Description
The SSH daemon must display the date and time of the last successful login upon user authentication. This provides users with immediate awareness of when their account was last accessed, enabling them to detect unauthorized use.
Rationale
Displaying the last login timestamp alerts legitimate users to potential unauthorized access. If an attacker has compromised an account, the user will see an unexpected login time or source, providing an early warning that their credentials may have been stolen.
Check → Remediate
Checksshd_effective_config
- key:
- printlastlog
- expected:
- yes
Remediateconfig_set
- path:
- /etc/ssh/sshd_config
- key:
- PrintLastLog
- value:
- yes
- separator:
- reload:
- sshd
Framework references
STIG
V-230382 / RHEL-08-020350V-258009 / RHEL-09-255165V-281260 / RHEL-10-700570
NIST 800-53
AC-9
Live verification
rhel10:checkrhel8:checkrhel9:check
#ssh#logging#last-login