Detailed logging of ssh sessions

Alex Zbyslaw xfb52 at dial.pipex.com
Sun Jun 19 21:58:39 GMT 2005


Bill Moran wrote:

>I'd like to start logging everything that
>happens during any ssh login (since all our work on these machines is
>via ssh).  I understand, and frequently use script(1), but I want this
>to be required.  I have two goals:
>1) If someone manages to guess a password and break in, I want a log
>   of what they're doing.
>2) I want 100% guarantee that everything we do is recorded, to make
>   future debugging of configuration mistakes easier.
>
>I've been researching sshd, and it doesn't seem as if it has this
>capability.
>
I think you're looking in the wrong place for this functionality.  SSH 
is just a point-to-point connector.  The functionality you want should 
come in some way from the login shell.  Whether some shell out there 
already does this, or whether you could just use script itself somehow, 
I couldn't tell you.  I'd just experiment with using script in some way 
-- perhaps writing a C program to be the shell which forks and execs 
script with suitable parameters such as a filename based on the date, 
tty, user etc.  Or starting with script and modifying it to work as a 
login shell which did that stuff.

If you really want this to be secure, the log files ought to be on a 
read-only medium.  If someone hacks root they can delete the trace

--Alex
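
Added example, not part of the original message: a sketch in C of the wrapper login shell suggested above, which names the transcript from the date, user and tty and then execs script(1). The directory `/var/log/sessions`, the real shell `/bin/sh`, the function names and the FreeBSD-style `script -q file command` invocation are assumptions.

```c
#include <ctype.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#define LOG_DIR    "/var/log/sessions"  /* hypothetical transcript directory */
#define REAL_SHELL "/bin/sh"            /* assumed shell to run under script(1) */

/* Copy src into dst, replacing anything but [A-Za-z0-9_-] with '_' so a tty
 * such as "/dev/pts/3" or an odd user name cannot change the directory. */
static void sanitize(char *dst, size_t n, const char *src)
{
    size_t i = 0;
    if (n == 0) return;
    for (; src[i] != '\0' && i + 1 < n; i++)
        dst[i] = (isalnum((unsigned char)src[i]) || src[i] == '-' || src[i] == '_') ? src[i] : '_';
    dst[i] = '\0';
}

/* Build "<dir>/<UTC timestamp>_<user>_<tty>.log"; 0 on success, -1 on error or truncation. */
int build_log_path(char *out, size_t n, const char *dir,
                   const char *user, const char *tty, time_t now)
{
    char u[64], t[64], stamp[32];
    struct tm *tm = gmtime(&now);
    if (tm == NULL || strftime(stamp, sizeof stamp, "%Y%m%dT%H%M%SZ", tm) == 0) return -1;
    sanitize(u, sizeof u, user);
    sanitize(t, sizeof t, tty);
    int len = snprintf(out, n, "%s/%s_%s_%s.log", dir, stamp, u, t);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

int main(void)
{
    char path[256];
    struct passwd *pw = getpwuid(getuid());
    const char *tty = ttyname(STDIN_FILENO);
    if (build_log_path(path, sizeof path, LOG_DIR, pw ? pw->pw_name : "unknown",
                       tty ? tty : "notty", time(NULL)) != 0)
        return 1;                       /* no usable log name: refuse the session */
    /* FreeBSD script(1): script [-q] file command */
    execl("/usr/bin/script", "script", "-q", path, REAL_SHELL, (char *)NULL);
    perror("script");                   /* exec failed: exit rather than run unlogged */
    return 1;
}
```

script(1) runs as the logged-in user, so that user can alter the transcript it writes, which is why the message recommends a read-only medium for the logs. This sketch also ignores the `-c command` arguments sshd passes to the login shell for non-interactive commands.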


