M doc/guix.texi => doc/guix.texi +4 -0
@@ 9352,6 9352,10 @@ Because PAM challenge response authentication usually serves an
equivalent role to password authentication, you should disable either
@code{challenge-response-authentication?} or
@code{password-authentication?}.
+
+@item @code{print-last-log?} (default: @code{#t})
+Specifies whether @command{sshd} should print the date and time of the
+last user login when a user logs in interactively.
@end table
@end deftp
M gnu/services/ssh.scm => gnu/services/ssh.scm +13 -0
@@ 279,6 279,8 @@ The other options should be self-descriptive."
(challenge-response-authentication? openssh-challenge-response-authentication?
(default #f)) ;Boolean
(use-pam? openssh-configuration-use-pam?
+ (default #t)) ;Boolean
+ (print-last-log? openssh-configuration-print-last-log?
(default #t))) ;Boolean
(define %openssh-accounts
@@ 298,6 300,14 @@ The other options should be self-descriptive."
(mkdir-p "/etc/ssh")
(mkdir-p (dirname #$(openssh-configuration-pid-file config)))
+ (define (touch file-name)
+ (call-with-output-file file-name (const #t)))
+
+ (let ((lastlog "/var/log/lastlog"))
+ (when #$(openssh-configuration-print-last-log? config)
+ (unless (file-exists? lastlog)
+ (touch lastlog))))
+
;; Generate missing host keys.
(system* (string-append #$(openssh-configuration-openssh config)
"/bin/ssh-keygen") "-A")))
@@ 336,6 346,9 @@ The other options should be self-descriptive."
(format port "UsePAM ~a\n"
#$(if (openssh-configuration-use-pam? config)
"yes" "no"))
+ (format port "PrintLastLog ~a\n"
+ #$(if (openssh-configuration-print-last-log? config)
+ "yes" "no"))
#t))))
(define (openssh-shepherd-service config)