Log ssh sessions using open source tools

Jochen Bern Jochen.Bern at binect.de
Tue Nov 6 09:34:11 AEDT 2018


On 11/03/2018 06:08 PM, Kaushal Shriyan wrote:
> Are there any open source tools to keep track of ssh sessions? For example,
> if a specific user is ssh logging to remote server and what commands or
> scripts are being run. Basically, i need to log all users sessions.

Which part of the remote connection is the one you need audited? The
system(s) your users are ssh'ing *out* of, resp. the users themselves
("we need to review what our staff did to whatever customer system they
did support on"), the ones they're ssh'ing *into*, or just some subset
("privileged commands") of the activity on the latter?

For the last case, the use of individual accounts, "sudo", suitable
configurations(*), and the "sudoreplay" tool might give you out of the
box what OpenSSH alone would need to be heavily modified to do.

(*) Namely, making sshd log enough information to identify the incoming
users and making sudo use an I/O logging plugin.

https://www.sudo.ws/man/1.8.25/sudoers.man.html#I/O_LOG_FILES

Regards,
-- 
Jochen Bern
Systemingenieur

www.binect.de
www.facebook.de/binect

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4278 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20181105/bd6f2384/attachment-0001.p7s>


More information about the openssh-unix-dev mailing list