Detailed logging of ssh sessions
Glenn Dawson
glenn at antimatter.net
Sun Jun 19 23:59:03 GMT 2005
At 08:38 AM 6/19/2005, Bill Moran wrote:
>I've been researching this, and so far haven't found a way to do what I
>want to do.
>
>I have servers here and there, that should only be accessible by a limited
>number of administrators via ssh (i.e. mail and web servers, firewalls).
>
>As an added security measure, I'd like to start logging everything that
>happens during any ssh login (since all our work on these machines is
>via ssh). I understand, and frequently use script(1), but I want this
>to be required. I have two goals:
>1) If someone manages to guess a password and break in, I want a log
> of what they're doing.
>2) I want 100% guarantee that everything we do is recorded, to make
> future debugging of configuration mistakes easier.
>
>I've been researching sshd, and it doesn't seem as if it has this
>capability. Web searches have not yet turned up anything ... I'm guessing
>I'm not searching for the right phrases, since I can't believe I'm the
>only one doing this.
>
>Any advice or pointers are welcome.
This looks like it might do the trick for you:
http://honeypots.sourceforge.net/modified_script.html
-Glenn
>--
>Bill Moran
>Potential Technologies
>http://www.potentialtech.com
>_______________________________________________
>freebsd-questions at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list