How can one log keystokes being sent via ssh on the machine initiating the connection?

Jonathan Windham jonathan.windham at fostermoore.com
Wed Mar 1 04:09:38 AEDT 2017


Greetings all,

         I am a systems administrator, and please forgive me if I have been obtuse, or if this question has been asked in the past, but I am looking for a method in which to collect every keystroke or every command sent from a jumphost in my environment to target machines on the distal end of the connection. The hosts on the distant end of the connection are hosts in which the users have administrative (root level) access, so its trivial to cover their tracks.  I've tried the auditd route, and it relies on pam-tty.so, and it looks based on the github, that this functionality as it relates to openssh was depreciated. No longer does facist mode exist, and LogLevel at debug level 3 does not reveal the information that I am looking for.

Is there any way that I can accomplish this, any help in this would be appreciated greatly.

Humbly yours,



Jonathan Windham

Sr. Systems Engineer



E jonathan.windham at fostermoore.com

Cary

fostermoore.com

This email and its contents are confidential. If you are not the intended recipient, you should contact the sender immediately, you must not use, copy or disclose any of the information in the email, and you must delete it from your system immediately.


More information about the openssh-unix-dev mailing list