Logging of client commands, possible?
Dan Kaminsky
dan at doxpara.com
Wed Mar 13 09:43:47 EST 2002
> Regardless, activity logging, other than TTY logging, doesn't belong in
> sshd, and tty logging can be done externally to sshd, with varying
> degrees of difficulty depending on what facilities the OS provides.
The ugliness of doing this for each platform begs for an SSHD solution.
Interesting point: Disable tty-less modes, port forwarding, and direct
command execution on a machine with no other way in but sshd (and no way
back out) and indeed tty logging *does* capture the total set of available
behaviors for that machine. This was actually done for a rather critical
machine providing access
There might be some exceptions, but you just can't deny that it's certainly
imaginable that it's more useful to see a TTY log than the output of
"/bin/sh -x" on an arbitrary shell script...that's kinda my feeling about
the interactive logs. If nothing else, it's a critical adjunct to obtuse
SAR logs.
Hell, .bash_history is useful, and there ain't much that's easier to screw
with.
--Dan
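
Added example, not part of the original message or of OpenSSH: a sketch of the lockdown described above (no tty-less sessions, no forwarding, no direct command execution, tty logging of what remains) using a ForceCommand wrapper on a current OpenSSH. The wrapper name `tty-gate`, its install path, the log directory and the use of util-linux `script` are all assumptions.

```shell
#!/bin/sh
# Hypothetical ForceCommand wrapper, assumed installed as /usr/local/sbin/tty-gate.
# Assumed sshd_config lines that go with it:
#   ForceCommand /usr/local/sbin/tty-gate
#   AllowTcpForwarding no
#   X11Forwarding no
#   AllowAgentForwarding no
#   PermitTunnel no

# session_verdict ORIGINAL_COMMAND HAS_TTY
# Prints "allow" only for an interactive login that has a terminal.
session_verdict() {
    orig_cmd=$1
    has_tty=$2
    if [ -n "$orig_cmd" ]; then
        echo "deny:direct-command"   # e.g. "ssh host cmd"
    elif [ "$has_tty" != "yes" ]; then
        echo "deny:no-tty"           # e.g. "ssh -T host"
    else
        echo "allow"
    fi
}

gate_main() {
    if [ -t 0 ]; then tty=yes; else tty=no; fi
    verdict=$(session_verdict "${SSH_ORIGINAL_COMMAND:-}" "$tty")
    # Record every decision in syslog, including refused sessions.
    logger -p auth.notice -t tty-gate "user=$(id -un) verdict=$verdict"
    if [ "$verdict" != "allow" ]; then
        echo "interactive terminal sessions only" >&2
        return 1
    fi
    # Assumed log location; util-linux script(1) runs $SHELL and records the tty.
    log_dir=${TTY_LOG_DIR:-/var/log/tty-sessions}
    log="$log_dir/$(id -un).$(date +%Y%m%dT%H%M%S).$$.log"
    exec script -q -f "$log"
}

# Run the gate only when invoked under the wrapper's name, not when sourced.
case "${0##*/}" in tty-gate) gate_main ;; esac
```

The transcript is written with the logged-in user's own privileges, so it is only as tamper-resistant as the place it is stored or shipped to.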