Re: How can one log keystokes being sent via ssh on the machine initiating the connection?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Tue, Feb 28, 2017 at 12:09 PM, Jonathan Windham
<jonathan.windham@xxxxxxxxxxxxxxx> wrote:
> Greetings all,
>
>          I am a systems administrator, and please forgive me if I have been obtuse, or if this question has been asked in the past, but I am looking for a method in which to collect every keystroke or every command sent from a jumphost in my environment to target machines on the distal end of the connection. The hosts on the distant end of the connection are hosts in which the users have administrative (root level) access, so its trivial to cover their tracks.  I've tried the auditd route, and it relies on pam-tty.so, and it looks based on the github, that this functionality as it relates to openssh was depreciated. No longer does facist mode exist, and LogLevel at debug level 3 does not reveal the information that I am looking for.

I'd urge you to consult with an actual attorney in our state before you do this.

The typical method is to replace the local "bash" or user shell  on
the jumphost with one that key strokes everything. If you have to
protect yourself from power users who might be able to make the
additional steps your jumphost, well, that's a whole second layer of
pain.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux