Logging all user commands

Lokesh Gupta lgupta1 at hotmail.com
Sat Feb 6 15:42:51 EST 2010



We are looking to implement a solution where in the background we want to capture all the commands typed by a user.


One of the ways we are thinking of achieving this is to make some changes at an appropriate place in the ssh client's program flow. Given the ssh client eventually sends the command typed by the user to the sshd, I am sure somewhere within ssh program there is a place where the "string" typed by the user is present.


Can someone please tell?


(i) If there already is a string that carries the command that has been typed by the user? If so, do you know where it is? Which file we should be looking at in the ssh codebase?


(ii) Is this feature already implemented by someone? If so, we can perhaps just leverage that rather than doing any additional coding for this?


Business Reasons for why this is required


Typically in a large public enterprise, you want to make sure that there is controlled access to your production environments. In addition, you also want to make sure that you have some sort of audit trail in place when a person has logged in to the production environment and know what commands s/he has typed - this on one side acts as a deterrent to someone who is not being a good corporate citizen, and at the same time also helps analyze what did we do wrong when say doing a post-mortem of a production issue for which someone had to login to a prod box and do some fixes.


Any help with this will be greatly appreciated.





More information about the openssh-unix-dev mailing list