Extra OpenSSH logging for tracing SSH connections and tunnels
Chris Rapier
rapier at psc.edu
Mon Apr 27 08:32:05 AEST 2026
Take a look at ISSHD https://github.com/set-element/openssh-hpn-isshd
It has a lot of logging but it is intrusive. I haven't played with it
much but I know the dev and I know it's been deployed at the SDSC (San
Diego Supercomputing Center). I believe it feeds data directly into bro
(see https://github.com/set-element/isshd_policy). Note: Scott rolled
HPN-SSH into it as well and it might be complicated to extract that
merge. I might be able to do it as I think I have access to an earlier
version of ISSHD if that's important to you.

This will at least get you to the server side logging. If it doesn't
instrument the client as well this might give you the basis to do that.
On 4/24/26 10:07, Zoltan Fridrich via openssh-unix-dev wrote:
> Hello
>
> I have a use-case where I need to be able to trace SSH connections and
> tunnels for traceability and security compliance purposes.
> More specifically, I need to be able to:
> - log every outgoing SSH connection on the client side including user ID
> and command details
> - log every SSH tunnel on the server side including source, target, ports
> and user ID
>
> Would such extra logging be acceptable for inclusion in the upstream code?
>
> I have attached a patch that implements this extra logging.
>
> Regards,
> Zoltan