Extra OpenSSH logging for tracing SSH connections and tunnels
Jochen Bern
Jochen.Bern at binect.de
Sun Apr 26 19:14:54 AEST 2026
Am 24.04.26 um 16:07 schrieb Zoltan Fridrich:
> - log every outgoing SSH connection on the client side including user ID
> and command details
Ignoring your other requirement for the moment: Why would you trust the
user to use the "ssh" executable you provided? (Or that he won't finagle
with chroot() to try to break the syslogging, forward the connection
through a local socat to remove the actual server info from the recorded
ssh command line, yadda yadda.)
I'd rather trust the logs of auditd to catch the command, and iptables
rules to record the actual outgoing connection ...
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4336 bytes
Desc: Kryptografische S/MIME-Signatur
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20260426/7eaf7bc1/attachment.p7s>
More information about the openssh-unix-dev
mailing list