Full replay logs of OpenSSH sessions

Nico Kadel-Garcia nkadel at gmail.com
Thu Jan 12 01:08:27 EST 2012


On Wed, Jan 11, 2012 at 7:02 AM, Richard Hartmann
<richih.mailinglist at gmail.com> wrote:
> Hi all,
>
> I am not 100% sure if this is a -dev or a -user topic, but I am
> leaning towards the former. Feel free to cuss at me and tell me to ask
> -user, instead.
>
>
> I used to run a patchset that allowed full logs of everything taking
> place via OpenSSH. This also allowed me to replay any session, live or
> after the fact.
>
> I am fully aware of the security implications of logging everything,
> especially regarding passwords.
>
> Still, in this specific case, I need full logs due to due diligence
> requirements.
>
>
> Is anyone aware of such a patchset or another way to achieve this goal?

Talk to Centrify, at www.centrify.com. They've got a fascinating
toolkit for integrating Active Directory authentication with Linux and
UNIX authentication, and due diligence tools for monitoring sessions.
Can't remember if they modified the sshd this way, but they certainly
had tweaked logins for such keystroke monitoring.

You might also have a word with Sandstorm Enterprises, the company
that makes NetInterceptor, about man-in-the-middle against SSH. Their
tools are pricey, but scary useful for due diligence monitoring and
debugging. I'm not sure whether they can carry out man-in-the-middle
SSH sessions without easy detection.


More information about the openssh-unix-dev mailing list