Full replay logs of OpenSSH sessions
L B
guyverdh at hotmail.com
Fri Jan 20 02:55:50 EST 2012
I know that this suggestion isn't part of openssh, but I use it daily and it works.
Install or use one of the later revs of sudo which incorporates the sudoreplay feature.
Make sure the sudoers file is configured to enable capture of i/o.
These are the entries I use..
Defaults log_output,log_input
Defaults!/usr/bin/sudoreplay !log_output,!log_input
Defaults!/usr/sbin/reboot !log_output
Then sudo to yourself, and proceed to ssh to wherever you'd like to go.
Your entire session will be captured.
To list your logs, use
sudo sudoreplay -l
to replay a session, use
sudo sudoreplay sessionid
Hope this helps.
More information about the openssh-unix-dev
mailing list