Detailed logging of ssh sessions
Bill Moran
wmoran at potentialtech.com
Sun Jun 19 22:48:23 GMT 2005
Alex Zbyslaw <xfb52 at dial.pipex.com> wrote:
> Bill Moran wrote:
>
> >I'd like to start logging everything that
> >happens during any ssh login (since all our work on these machines is
> >via ssh). I understand, and frequently use script(1), but I want this
> >to be required. I have two goals:
> >1) If someone manages to guess a password and break in, I want a log
> > of what they're doing.
> >2) I want 100% guarantee that everything we do is recorded, to make
> > future debugging of configuration mistakes easier.
> >
> >I've been researching sshd, and it doesn't seem as if it has this
> >capability.
>
> I think you're looking in the wrong place for this functionality. SSH
> is just a point-to-point connector. The functionality you want should
> come in some way from the login shell.

I suspected that might be the way to go, but I've been unable to get
anything working so far.

<snip>

> If you really want this to be secure, the log files ought to be on a
> read-only medium. If someone hacks root they can delete the trace

Logging is done both on and off-machine (i.e. syslog logs locally, and
sends the logs to a dedicated logging machine as well).

As long as I can use syslog for the logging, I've got my secure logs.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
More information about the freebsd-questions mailing list
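
Added example, not part of the original message: one way to do the logging from the login shell, as suggested in the thread, by running the real shell on a pty and sending each line of terminal output to syslog, which syslogd can then store locally and forward to the dedicated log host. It is written in Python; the `sshsession` tag, the auth facility, the `/bin/sh` default and the idea of installing the script as the account's login shell are assumptions.

```python
import os
import pty
import re
import syslog

# Strip ANSI escapes and control characters so the log holds readable text.
_ANSI = re.compile(rb"\x1b\[[0-9;?]*[ -/]*[@-~]")
_CTRL = re.compile(rb"[\x00-\x08\x0b-\x1f\x7f]")

class SessionLogger:
    """Buffers pty output and emits one log record per completed line."""

    def __init__(self, user, emit):
        self.user = user
        self.emit = emit  # callable(str); syslog.syslog in production
        self.buf = b""

    def feed(self, data):
        self.buf += data
        while b"\n" in self.buf:
            line, self.buf = self.buf.split(b"\n", 1)
            self._emit(line)

    def flush(self):
        # Emit whatever is left when the session ends without a newline.
        if self.buf:
            self._emit(self.buf)
            self.buf = b""

    def _emit(self, raw):
        text = _CTRL.sub(b"", _ANSI.sub(b"", raw)).decode("utf-8", "replace")
        if text.strip():
            self.emit(f"user={self.user} {text}")

def record_session(shell="/bin/sh"):
    """Run `shell` on a pty, mirroring everything it prints to syslog."""
    syslog.openlog("sshsession", syslog.LOG_PID, syslog.LOG_AUTH)
    log = SessionLogger(os.environ.get("USER", "unknown"), syslog.syslog)

    def master_read(fd):
        data = os.read(fd, 1024)
        log.feed(data)
        return data  # still shown on the user's terminal

    status = pty.spawn([shell], master_read)
    log.flush()
    return status

if __name__ == "__main__":
    record_session()
```

Only what the terminal displays is recorded, so input typed at a no-echo prompt (such as a password) does not reach the log.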