RHEL 10 must be configured so that the Secure Shell (SSH) daemon displays the date and time of the last successful account login upon an SSH login.

Providing users with feedback on when account accesses last occurred facilitates user recognition and reporting of unauthorized account use. OpenSSH uses the first occurrence of a keyword it sees, and drop-in files are read in lexicographical order at the start of the configuration. Red Hat recommends using drop-in files rather than changing base configuration files.

Verify RHEL 10 SSH daemons provide users with feedback on when account accesses last occurred with the following command: $ sudo /usr/sbin/sshd -dd 2>&1 | awk '/filename/ {print $4}' | tr -d '\r' | tr '\n' ' ' | xargs sudo grep -iH '^\s*printlastlog' /etc/ssh/sshd_config.d/10-stig.conf:PrintLastLog yes Verify the runtime setting with the following command: $ sudo sshd -T | grep -i printlastlog printlastlog yes If the "PrintLastLog" keyword is not set to "yes" in a drop-in that lexicographically precedes 50-redhat.conf, or if no output is returned, this is a finding.

Configure RHEL 10 SSH daemons to provide users with feedback on when account accesses last occurred. In "/etc/ssh/sshd_config.d", create a drop file that will lexicographically precede 50-redhat.conf and add the following line: PrintLastLog yes Restart the SSH service with the following command for the changes to take effect: $ sudo systemctl restart sshd.service