logging command line execs

Phil Dibowitz phil at ipom.com
Tue May 6 17:47:09 EST 2003

Hey folks,

As part of a local change, we like to authlog the commands executed via 
command line, i.e.:

    ssh user at host "somecommand"

And I was able to modify session.c like so:

      case SSH_CMSG_EXEC_CMD:
                         if (type == SSH_CMSG_EXEC_CMD) {
                                 command = packet_get_string(&dlen);
                                 debug("Exec command '%.500s'", command);
                                 /* LOCAL CHANGE: We log this */
                                 log("User %.100s attempting to 
execute 	comand '%.500s' on command line", s->pw->pw_name, command);
                                 do_exec(s, command);
                         } else {

But as you might recognize, this snipet is from the do_authenticated1() 
function - which is obviously for ssh protocol 1.

I cannot find the ssh protocol 2 counterpart of this code. The 
do_authenticated2() function simply calls server_loop2(), which does 
some child care, and I've followed various functions that are called in 
server_loop2(), and never do I find anything that seems to be checking 
for a command from the command line of the client and executing it.

I'm sure its there, because clearly such functionality works, however I 
cannot find the code responsible for it. It seems it should be in 
do_authenticated2(), but its not.

If anyone could point me to the file/function/code/etc. where this 
happens for ssh protocol 2, I would be very appreciative.

Phil Dibowitz                             phil at ipom.com
Freeware and Technical Pages              Insanity Palace of Metallica
http://www.phildev.net/                   http://www.ipom.com/

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
  - Benjamin Franklin, 1759

More information about the openssh-unix-dev mailing list