logging command line execs
Phil Dibowitz
phil at ipom.com
Tue May 6 17:47:09 EST 2003
Hey folks,
As part of a local change, we like to authlog the commands executed via
command line, i.e.:
ssh user@host "somecommand"
And I was able to modify session.c like so:
--------------------------------------
case SSH_CMSG_EXEC_CMD:
        if (type == SSH_CMSG_EXEC_CMD) {
                command = packet_get_string(&dlen);
                debug("Exec command '%.500s'", command);
                /* LOCAL CHANGE: We log this */
                log("User %.100s attempting to "
                    "execute comand '%.500s' on command line",
                    s->pw->pw_name, command);
                do_exec(s, command);
                xfree(command);
        } else {
--------------------------------------
But as you might recognize, this snippet is from the do_authenticated1()
function - which is obviously for ssh protocol 1.
I cannot find the ssh protocol 2 counterpart of this code. The
do_authenticated2() function simply calls server_loop2(), which does
some child care, and I've followed various functions that are called in
server_loop2(), and never do I find anything that seems to be checking
for a command from the command line of the client and executing it.
I'm sure it's there, because clearly such functionality works, however I
cannot find the code responsible for it. It seems it should be in
do_authenticated2(), but it's not.
If anyone could point me to the file/function/code/etc. where this
happens for ssh protocol 2, I would be very appreciative.
Thanks,
--
Phil Dibowitz phil at ipom.com
Freeware and Technical Pages Insanity Palace of Metallica
http://www.phildev.net/ http://www.ipom.com/
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
- Benjamin Franklin, 1759