Date: Sun, 19 Jun 2005 22:58:37 +0100
From: Alex Zbyslaw <xfb52@dial.pipex.com>
To: Bill Moran <wmoran@potentialtech.com>
Cc: questions@freebsd.org
Subject: Re: Detailed logging of ssh sessions
Message-ID: <42B5EA8D.2050209@dial.pipex.com>
In-Reply-To: <20050619113849.3ae5cbad.wmoran@potentialtech.com>
References: <20050619113849.3ae5cbad.wmoran@potentialtech.com>
Bill Moran wrote:

>I'd like to start logging everything that
>happens during any ssh login (since all our work on these machines is
>via ssh). I understand, and frequently use script(1), but I want this
>to be required. I have two goals:
>1) If someone manages to guess a password and break in, I want a log
>   of what they're doing.
>2) I want 100% guarantee that everything we do is recorded, to make
>   future debugging of configuration mistakes easier.
>
>I've been researching sshd, and it doesn't seem as if it has this
>capability.
>

I think you're looking in the wrong place for this functionality. SSH is just a point-to-point connector. The functionality you want should come in some way from the login shell. Whether some shell out there already does this, or whether you could just use script itself somehow, I couldn't tell you.

I'd just experiment with using script in some way -- perhaps writing a C program to be the shell which forks and execs script with suitable parameters such as a filename based on the date, tty, user etc. Or starting with script and modifying it to work as a login shell which did that stuff.

If you really want this to be secure, the log files ought to be on a read-only medium. If someone hacks root they can delete the trace.

--Alex
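
A sketch of the login-shell wrapper suggested in the message above, added here as an example and not code from the thread: it builds a log file name from user, tty and date, then execs script(1) directly instead of forking first. `LOG_DIR`, `REAL_SHELL` and `build_log_path()` are assumed names, and the `script [-q] [file [command ...]]` form is the FreeBSD syntax.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#define LOG_DIR    "/var/log/sessions" /* assumed; not named in the thread */
#define REAL_SHELL "/bin/sh"           /* assumed real shell */
#define SCRIPT_BIN "/usr/bin/script"

/* Keep [A-Za-z0-9._-]; map everything else (notably '/') to '_'. */
static void sanitize(char *dst, size_t n, const char *src) {
    size_t i = 0;
    for (; src[i] != '\0' && i + 1 < n; i++) {
        char c = src[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
        dst[i] = ok ? c : '_';
    }
    dst[i] = '\0';
}

/* LOG_DIR/<user>.<tty>.<UTC stamp>.<pid>.log; 0 on success, -1 on failure. */
int build_log_path(char *out, size_t n, const char *user, const char *tty,
                   time_t when, long pid) {
    char u[64], t[64], stamp[32];
    struct tm *tm = gmtime(&when);
    if (strncmp(tty, "/dev/", 5) == 0) tty += 5;   /* "/dev/pts/0" -> "pts/0" */
    sanitize(u, sizeof u, user);
    sanitize(t, sizeof t, tty);
    if (tm == NULL || strftime(stamp, sizeof stamp, "%Y%m%d-%H%M%S", tm) == 0)
        return -1;
    int len = snprintf(out, n, "%s/%s.%s.%s.%ld.log", LOG_DIR, u, t, stamp, pid);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;  /* reject truncated paths */
}

int main(int argc, char **argv) {
    char path[512];
    struct passwd *pw = getpwuid(getuid());
    const char *tty = ttyname(STDIN_FILENO);
    if (pw == NULL || build_log_path(path, sizeof path, pw->pw_name,
            tty ? tty : "notty", time(NULL), (long)getpid()) != 0) return 1;
    if (argc == 3 && strcmp(argv[1], "-c") == 0)  /* "ssh host cmd" arrives as -c cmd */
        execl(SCRIPT_BIN, "script", "-q", path, REAL_SHELL, "-c", argv[2], (char *)NULL);
    else
        execl(SCRIPT_BIN, "script", "-q", path, REAL_SHELL, (char *)NULL);
    perror("exec script");
    return 1;  /* fail closed: no recording means no shell */
}
```

script(1) runs as the user who logged in, so the file it writes belongs to that user; the message's point about keeping the logs where they cannot be deleted still applies.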