← Rules Catalog
lowaccess-controlverified rollback-safe

Enable SSH PrintLastLog

ssh-print-last-log · RHEL ≥ 8 · 2 impls

Description

The SSH daemon must display the date and time of the last successful login upon user authentication. This provides users with immediate awareness of when their account was last accessed, enabling them to detect unauthorized use.

Rationale

Displaying the last login timestamp alerts legitimate users to potential unauthorized access. If an attacker has compromised an account, the user will see an unexpected login time or source, providing an early warning that their credentials may have been stolen.

Check → Remediate

Checksshd_effective_config
key:
printlastlog
expected:
yes
Remediateconfig_set
path:
/etc/ssh/sshd_config
key:
PrintLastLog
value:
yes
separator:
reload:
sshd

Framework references

STIG

V-230382 / RHEL-08-020350V-258009 / RHEL-09-255165V-281260 / RHEL-10-700570

NIST 800-53

AC-9

Live verification

rhel10:checkrhel8:checkrhel9:check
#ssh#logging#last-login