Logging of client commands, possible?

Dan Kaminsky dan at doxpara.com
Wed Mar 13 09:43:47 EST 2002


> Regardless, activity logging, other than TTY logging, doesn't belong in
> sshd, and tty logging can be done externally to sshd, with varying
> degrees of difficulty depending on what facilities the OS provides.

The ugliness of doing this for each platform begs for a SSHD solution.

Interesting point:  Disable tty-less modes, port forwarding, and direct
command execution on a machine with no other way in but sshd (and no way
back out) and indeed tty logging *does* capture the total set of available
behaviors for that machine.  This was actually done for a rather critical
machine providing access

There might be some exceptions, but you just can't deny that it's certainly
imaginable that it's more useful to see a TTY log than the output of
"/bin/sh -x" on an arbitrary shell script...that's kinda my feeling about
the interactive logs.  If nothing else, it's a critical adjunct to obtuse
SAR logs.

Hell, .bash_history is useful, and there ain't much that's easier to screw
with.

--Dan
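
The lockdown described in the message above, sketched as an added example that is not part of the original post and is not OpenSSH project code: a `ForceCommand` wrapper that admits only sessions with an allocated TTY and no client-supplied command. It assumes a current OpenSSH with the `sshd_config` options shown in the comments; the install path and the `--enforce` flag are hypothetical, and the TTY logging itself is left to whatever external facility is in use.

```shell
#!/bin/sh
# Constructed example: ForceCommand wrapper that admits only interactive TTY sessions.
# Assumed sshd_config lines on a current OpenSSH (the wrapper path is hypothetical):
#   AllowTcpForwarding no
#   AllowAgentForwarding no
#   X11Forwarding no
#   PermitTunnel no
#   ForceCommand /usr/local/sbin/tty-only-session --enforce

# session_decision ORIGINAL_COMMAND HAS_TTY
# Prints "allow" or "deny:<reason>". It has no side effects, so it can be tested.
session_decision() {
    orig_cmd=$1
    has_tty=$2
    if [ -n "$orig_cmd" ]; then
        # The client asked for direct command execution ("ssh host cmd").
        echo "deny:direct-command"
    elif [ "$has_tty" != "1" ]; then
        # No pty was allocated (for example "ssh -T"), so a TTY log would see nothing.
        echo "deny:no-tty"
    else
        echo "allow"
    fi
}

# Enforcement path: runs only when sshd invokes the wrapper with --enforce.
if [ "${1:-}" = "--enforce" ]; then
    # sshd exports SSH_ORIGINAL_COMMAND when the client supplied a command.
    if [ -t 0 ]; then tty_flag=1; else tty_flag=0; fi
    decision=$(session_decision "${SSH_ORIGINAL_COMMAND:-}" "$tty_flag")
    # Record every decision so rejected tty-less attempts are visible in syslog.
    logger -t tty-only-session "user=$(id -un) decision=$decision"
    case $decision in
        allow) exec "${SHELL:-/bin/sh}" -l ;;
        *)     echo "Interactive TTY sessions only." >&2; exit 1 ;;
    esac
fi
```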




