Logging of client commands, possible?

Damien Miller djm at mindrot.org
Thu Mar 14 09:28:56 EST 2002

On Thu, 14 Mar 2002, Dan Kaminsky wrote:

> > Yes, you are right.
> >
> > And because SSH does not care about what's going on inside it does
> > not snoop ttys.  On Unix, tools should do _one_ thing and do it well, not
> > 1000 things is a very mediocre way.
> Markus,
>     If I wanted one tool to do one thing, I'd use Telnet over SSL. :-)
> OpenSSH is *all* about the integration of generic encapsulators into a
> common tool.  In this case, we'd be integrating a cross platform method to
> encapsulate TTY logging methods, as an alternative to painful, non-portable
> solutions.

... and it will still be useless against anyone with 1/4 of a clue, who 
can upload a script or binary and execute that.

The place for this is a dedicated tty snooper or, better yet, real system
audit logs.


More information about the openssh-unix-dev mailing list