Logging of client commands, possible?
RGiersig at a1.net
RGiersig at a1.net
Thu Mar 14 00:51:16 EST 2002
> > I won't speak for the others, but I don't want to turn OpenSSH into
> > snoopware. All the more so if the snopping is going not going to be
> > effective (e.g. whiterabbit.sh, whiterabbit.bin).
>
> I agree with Damien here.
>
> I'm just interested in the plaintext for debugging the protocol
> implementation. It's not OpenSSH's job to spy the users.
Well, that's a matter of usage, not technical capability. Most tools
can be used for both good and bad. How about amending the startup
protocol to tell the client "This session will be logged."?
Apart from that, SSHs job is to secure communication *between* hosts,
not what is going on inside. An evil admin can still add some sort of
snooping, e.g. by modifying/wrapping the user's shell, so IMHO it
doesn't make sense to take a holier-than-you stance on this issue.
Knifes are much too useful for cutting your lunch meat to be abolished
because you can stab people with them. And I see SSH as a swiss army
knife. Now *firearms* are a different matter...
Roland
--
RGiersig at cpan.org
More information about the openssh-unix-dev
mailing list