Full replay logs of OpenSSH sessions

Richard Hartmann richih.mailinglist at gmail.com
Fri Jan 13 20:48:57 EST 2012


On Fri, Jan 13, 2012 at 05:53, Peter Stuge <peter at stuge.se> wrote:

> Nico Kadel-Garcia wrote:

>> "In the background" is the problem. Richard wants to want to embed a
>> recording keystroke monitor in SSH itself, which is anathema to the
>> very concept of a secure encryption channel.
>
> Well yes and no.. But politics aside, I think sshd is a terrible
> place to introduce this surveillance from a purely technical point
> of view.

I agree that this can be a very dangerous thing to do, but as with
other tools, admin discretion and informed users are needed. Everyone
who will ever access this machine (legally) _wants_ this to happen on
this one machine.

Focusing on the technical part, there are three places which make some
sense, imo:

* In the *ty:
Maybe the best place, but there is nothing current I could find.
ttyrpld [1] is ancient and unmaintained, and UML tty logging is not
working outside of a UML guest.

* In the shell:
Needs to wrap around all shells or forces us to patch at least zsh and
bash and then thoroughly disable chsh.

* In ssh:
I know that raw logging can catch crap, but back when we used the
posted patch, it worked wonderfully for what we needed to do.


At the risk of drifting off topic, if anyone has a suggestion for
_unavoidable full session logs_ (no X required) outside of SSH with
FLOSS tools, please pipe up.


Thanks,
Richard

[1] http://ttyrpld.sourceforge.net/desc.php


More information about the openssh-unix-dev mailing list