Logging of client commands, possible?
RGiersig at a1.net
Thu Mar 14 02:15:41 EST 2002
> OpenSSH is already providing TTY services; logging
> functionality is all over the place in TTY tools(script,
> most GUI telnet clients, etc.) This ain't a big jump;
> in fact I'd be surprised if it's more than a few
> dozen lines of code to diff in.
Oh yeah, didn't think about that, the SSH client is also missing
logging facilities (like xterm and telnet).
> A *really* nice aspect of friendly TTY logs (we'll leave
> attacker-logs to the SAR reports, though I doubt there's any
> disagreement that TTY logs would supplement SAR's by helping
> filter out innocent traffic) is that they'd automatically drop
> whatever didn't show up on the TTY, i.e. typed passwords.
> That would make captured logs an order of magnitude less security
> sensitive -- big win.
Hmm, turning off logging when the pty is set to -echo? Nice idea, but
I'd definitely make that optional so the admin can still
specify: "I want all, I might have to deal with black hats" or "OK, I
just want to see what trusted users are doing and if they are doing
something fishy". If a trusted user does the whole session with -echo,
that's definitely fishy...
> ...
> Thoughts? I definitely see your perspectives on
> this... perhaps we can limit abuses by making this a
> compile time option? Mind you, I *hate* compile time
> options, but we could at least throw up a banner
> referencing ECPA1986 if it was enabled.
No, please, no compile-time options!! I'd propose amending the
connection protocol so the client can display a warning like "WARNING!
This connection will be logged on the server side. Do you still want
to connect? (Y/N)", but then you need some way to always answer 'yes'
to that for automation purposes etc. You could store that as an
option with the hostkeys... <wanders off into the darkness mumbling>
Roland
--
RGiersig at cpan.org
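The echo-off filter and the "whole session with -echo is fishy" heuristic discussed above, as an added example that is not code from this thread or from OpenSSH: a small Python session logger whose policy function drops input typed while the pty had ECHO cleared, a `log_all` switch for the "I want all" case, and a ratio check flagging sessions where most input was hidden. The marker text, the 0.5 threshold, the function names and the sample events are constructed assumptions for the example.

```python
import os
import pty
import select
import sys
import termios
from dataclasses import dataclass

# Marker written in place of hidden keystrokes (constructed for this example).
HIDDEN_MARK = b"[input hidden: echo off]\n"


@dataclass
class SessionLog:
    recorded: bytes = b""   # what goes to the audit log
    typed_total: int = 0    # all input bytes the user sent
    typed_hidden: int = 0   # input bytes sent while ECHO was off

    def hidden_ratio(self) -> float:
        return self.typed_hidden / self.typed_total if self.typed_total else 0.0

    def suspicious(self, threshold: float = 0.5) -> bool:
        """Heuristic: a session typed mostly with echo off deserves a look."""
        return self.typed_total > 0 and self.hidden_ratio() >= threshold


def record_input(log: SessionLog, data: bytes, echo_on: bool, log_all: bool) -> SessionLog:
    """Apply the policy to one chunk of user input."""
    log.typed_total += len(data)
    if echo_on or log_all:
        log.recorded += data
    else:
        log.typed_hidden += len(data)
        # one marker per hidden run, not one per keystroke
        if not log.recorded.endswith(HIDDEN_MARK):
            log.recorded += HIDDEN_MARK
    return log


def filter_session(events, log_all: bool = False) -> SessionLog:
    """events: iterable of (echo_on, data) pairs, e.g. replayed from a capture."""
    log = SessionLog()
    for echo_on, data in events:
        record_input(log, data, echo_on, log_all)
    return log


def slave_echo_on(master_fd: int) -> bool:
    # On Linux, tcgetattr() on the pty master reports the slave's line discipline.
    lflag = termios.tcgetattr(master_fd)[3]
    return bool(lflag & termios.ECHO)


def run_and_log(argv, log_all: bool = False) -> SessionLog:
    """Run argv under a pty, mirror the terminal, and log input under the policy."""
    pid, master_fd = pty.fork()
    if pid == 0:
        os.execvp(argv[0], argv)  # child: the logged shell
    log = SessionLog()
    stdin_fd = sys.stdin.fileno()
    while True:
        ready, _, _ = select.select([master_fd, stdin_fd], [], [])
        if master_fd in ready:
            try:
                out = os.read(master_fd, 4096)
            except OSError:
                break  # child closed the pty
            if not out:
                break
            os.write(sys.stdout.fileno(), out)
        if stdin_fd in ready:
            typed = os.read(stdin_fd, 4096)
            if not typed:
                break
            record_input(log, typed, slave_echo_on(master_fd), log_all)
            os.write(master_fd, typed)
    os.waitpid(pid, 0)
    return log


if __name__ == "__main__":
    # Constructed replay: two commands, a password typed with echo off, one more command.
    sample = [(True, b"ls -l\n"), (True, b"sudo su\n"), (False, b"s3cret\n"), (True, b"id\n")]
    log = filter_session(sample)
    print(log.recorded.decode(), "hidden ratio:", round(log.hidden_ratio(), 2))
```

`filter_session` is the policy on its own and can be replayed over a captured event stream; `run_and_log` wires the same policy to a live pty (stdin is left in cooked mode for brevity, so a real tool would switch it to raw mode and restore it on exit). Reading ECHO from the master side is Linux behaviour; on other platforms the flag would need to be read from the slave fd.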