Date: Sun, 19 Jun 2005 18:48:21 -0400
From: Bill Moran <wmoran@potentialtech.com>
To: Alex Zbyslaw <xfb52@dial.pipex.com>
Cc: questions@freebsd.org
Subject: Re: Detailed logging of ssh sessions
Message-ID: <20050619184821.7d39f89c.wmoran@potentialtech.com>
In-Reply-To: <42B5EA8D.2050209@dial.pipex.com>
References: <20050619113849.3ae5cbad.wmoran@potentialtech.com> <42B5EA8D.2050209@dial.pipex.com>

Alex Zbyslaw <xfb52@dial.pipex.com> wrote:
> Bill Moran wrote:
>
> >I'd like to start logging everything that
> >happens during any ssh login (since all our work on these machines is
> >via ssh). I understand, and frequently use script(1), but I want this
> >to be required. I have two goals:
> >1) If someone manages to guess a password and break in, I want a log
> >   of what they're doing.
> >2) I want 100% guarantee that everything we do is recorded, to make
> >   future debugging of configuration mistakes easier.
> >
> >I've been researching sshd, and it doesn't seem as if it has this
> >capability.
>
> I think you're looking in the wrong place for this functionality. SSH
> is just a point-to-point connector. The functionality you want should
> come in some way from the login shell.

I suspected that might be the way to go, but I've been unable to get
anything working so far.

<snip>

> If you really want this to be secure, the log files ought to be on a
> read-only medium. If someone hacks root they can delete the trace

Logging is done both on and off-machine (i.e. syslog logs locally, and
sends the logs to a dedicated logging machine as well) As long as I can
use syslog for the logging, I've got my secure logs.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com