Logging of client commands, possible?

Dan Kaminsky dan at doxpara.com
Fri Mar 15 01:00:07 EST 2002


> I think you misunderstood this.  Markus is just proposing a dump
> format, which IMHO makes perfect sense.  After decrypting the packet it
> gets dumped in the same format that tcpdump is using, so you then can
> use 'tcpdump -r dumpfile' to display it.  Did I get that right?

tcpdump parses packet headers (IP, TCP, etc.).

sshd just gets a reliable socket to suck data from.  It doesn't decrypt
packets, it decrypts the datastream off the socket, whether it's coming from
packets or not.  That's why we can do something like:

ssh -o "ProxyCommand sshd -i" user@host

What are you suggesting, faking packet headers? :-)

--Dan





More information about the openssh-unix-dev mailing list