openssh logging of remote commands in syslog

mouring at etoh.eviladmin.org
Thu Mar 8 09:33:43 EST 2001


On Wed, 7 Mar 2001, Kevin Taylor wrote:

> Pekka Savola wrote:
> > 
> > On Wed, 7 Mar 2001, Kevin Taylor wrote:
> > 
> > >
> > > Another wonderful email from me. :)
> > >
> > > The ssh.com version of ssh will log information on the remotely executed
> > > command in the syslog:
> > >
> > > Mar  7 15:29:20 6D:marx sshd[21346]: log: executing remote command as
> > > root: ls
> > >
> > > It seems that openssh doesn't do that by default. If you put the server
> > > in debug mode you'll see the command, but a lot of extra stuff that you
> > > don't want to see.
> > 
> > IMO, this kind of logging can be rather intrusive..
> >
> 
> Well, maybe it can be something added to a different log level.
> Something that is not as severe as debug, so it can be set to be logged
> or not....but also not get gobs of info that lower log levels provide
> 

I'd rather not see this crap in my /var/log/messages.  If it was to be
done it should be logged to /var/log/sshd.log.  There are still WAY too
many machines that have /var/log/messages set world readable by
default.   

Besides, this functionality is best left up to the auditd and other such
software that does auditing of userspace commands.  It really has no place
in sshd, IMHO.

- Ben
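
The exposure raised in this message, as an added example that is not part of the original message or of OpenSSH: a check that flags log files which are world-readable and also hold remote-command lines in the ssh.com format quoted above. The function names, the `host1` hostname and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Flags log files that are both
# world-readable and contain sshd "executing remote command" lines.

# Print "EXPOSED <file> <count>" for each world-readable file holding such
# lines and "ok <file>" otherwise. Returns 1 if any file is exposed.
audit_cmd_logs() {
    rc=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        # Count sshd lines that record a remotely executed command.
        # grep -c exits 1 on zero matches, so its status is ignored.
        n=$(grep -c 'sshd\[[0-9]*\]: .*executing remote command as' "$f" || true)
        # -perm -004 matches when the "other" read bit is set.
        if [ -n "$(find "$f" -perm -004)" ] && [ "$n" -gt 0 ]; then
            echo "EXPOSED $f $n"
            rc=1
        else
            echo "ok $f"
        fi
    done
    return $rc
}

# Build two constructed sample logs under directory $1: a world-readable
# "messages" and an owner-only "sshd.log" (the split suggested above).
make_sample_logs() {
    line='Mar  7 15:29:20 host1 sshd[21346]: log: executing remote command as root: ls'
    printf '%s\n' "$line" > "$1/messages"
    chmod 644 "$1/messages"
    printf '%s\n' "$line" > "$1/sshd.log"
    chmod 600 "$1/sshd.log"
}

# When given file arguments, audit them directly.
if [ "$#" -gt 0 ]; then
    audit_cmd_logs "$@"
fi
```
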






More information about the openssh-unix-dev mailing list