Logging of client commands, possible?
Damien Miller
djm at mindrot.org
Thu Mar 14 09:28:56 EST 2002
On Thu, 14 Mar 2002, Dan Kaminsky wrote:
> > Yes, you are right.
> >
> > And because SSH does not care about what's going on inside it does
> > not snoop ttys. On Unix, tools should do _one_ thing and do it well, not
> > 1000 things in a very mediocre way.
>
> Markus,
>
> If I wanted one tool to do one thing, I'd use Telnet over SSL. :-)
> OpenSSH is *all* about the integration of generic encapsulators into a
> common tool. In this case, we'd be integrating a cross platform method to
> encapsulate TTY logging methods, as an alternative to painful, non-portable
> solutions.

... and it will still be useless against anyone with 1/4 of a clue, who
can upload a script or binary and execute that.

The place for this is a dedicated tty snooper or, better yet, real system
audit logs.

-d