Full replay logs of OpenSSH sessions

Peter Stuge peter at stuge.se
Fri Jan 13 16:53:05 EST 2012


Nico Kadel-Garcia wrote:
> >> By doing things in the background so to speak, i.e. ssh directly,
> >
> > ssh doesn't really have much to do with this.
> >
> > Maybe you can use http://sourceforge.net/projects/snoopylogger/
> 
> "In the background" is the problem. Richard wants to embed a
> recording keystroke monitor in SSH itself, which is anathema to the
> very concept of a secure encryption channel.

Well yes and no.. But politics aside, I think sshd is a terrible
place to introduce this surveillance from a purely technical point
of view.

SSH is an agnostic transport. It's not the only way to log in to a
system and it's not the only way to execute commands on a system.

Also, using SSH says nothing about what goes on *inside* the channel.

Please look at the protocol a little. There is very very little that
has anything to do with logging in, in the protocol.

There are sessions and channels. Surveillance of sessions is easy
enough, because all that happens is that they get created,
authenticated, and torn down. Everything about the sessions is
structured and specified in the protocol.

Channels are a completely different matter however. They have no
structure whatsoever, and nothing is known in sshd about the
structure of what goes on in the majority of channels.

If you're going to do surveillance of users, then at least do it
somewhere where it makes sense.


//Peter
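
An added illustration of the session/channel point above (not part of the original message and not OpenSSH code): a small decoder for decrypted SSH connection-protocol payloads as laid out in RFC 4254. The function names and sample payloads are constructed for this example; it shows that channel open and request messages carry named fields, while channel data is only a channel number and a byte count.

```python
import struct

# Message numbers from RFC 4254 (SSH connection protocol).
CHANNEL_OPEN, CHANNEL_DATA, CHANNEL_REQUEST = 90, 94, 98

def ssh_string(b: bytes) -> bytes:
    """Encode an SSH 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b

def read_string(buf: bytes, off: int):
    """Decode an SSH 'string' at off; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def describe(payload: bytes) -> dict:
    """Report only what the protocol itself defines for one payload."""
    if not payload:
        raise ValueError("empty payload")
    msg = payload[0]
    if msg == CHANNEL_OPEN:
        ctype, off = read_string(payload, 1)
        (sender,) = struct.unpack_from(">I", payload, off)
        return {"msg": "open", "type": ctype.decode("ascii"), "channel": sender}
    if msg == CHANNEL_REQUEST:
        (chan,) = struct.unpack_from(">I", payload, 1)
        rtype, _ = read_string(payload, 5)
        return {"msg": "request", "type": rtype.decode("ascii"), "channel": chan}
    if msg == CHANNEL_DATA:
        (chan,) = struct.unpack_from(">I", payload, 1)
        data, _ = read_string(payload, 5)
        # No structure is defined for the content: all we know is its size.
        return {"msg": "data", "channel": chan, "opaque_bytes": len(data)}
    return {"msg": "other", "number": msg}

# Constructed sample payloads (not captured traffic). The direct-tcpip open
# omits its type-specific host/port fields for brevity.
WIN = struct.pack(">II", 2**21, 2**15)
SAMPLES = [
    bytes([CHANNEL_OPEN]) + ssh_string(b"session") + struct.pack(">I", 0) + WIN,
    bytes([CHANNEL_REQUEST]) + struct.pack(">I", 0) + ssh_string(b"shell") + b"\x01",
    bytes([CHANNEL_DATA]) + struct.pack(">I", 0) + ssh_string(b"vi notes\r\x1b:wq\r"),
    bytes([CHANNEL_OPEN]) + ssh_string(b"direct-tcpip") + struct.pack(">I", 1) + WIN,
    bytes([CHANNEL_DATA]) + struct.pack(">I", 1) + ssh_string(b"\x16\x03\x01\x00\x05hello"),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(describe(p))
```

The two data payloads decode to the same shape even though one is terminal input with editor escape sequences and the other is forwarded TCP bytes; nothing at this layer says which is which.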


More information about the openssh-unix-dev mailing list