On 11/03/2018 06:08 PM, Kaushal Shriyan wrote: > Are there any open source tools to keep track of ssh sessions? For example, > if a specific user is ssh logging to remote server and what commands or > scripts are being run. Basically, i need to log all users sessions. Which part of the remote connection is the one you need audited? The system(s) your users are ssh'ing *out* of, resp. the users themselves ("we need to review what our staff did to whatever customer system they did support on"), the ones they're ssh'ing *into*, or just some subset ("privileged commands") of the activity on the latter? For the last case, the use of individual accounts, "sudo", suitable configurations(*), and the "sudoreplay" tool might give you out of the box what OpenSSH alone would need to be heavily modified to do. (*) Namely, making sshd log enough information to identify the incoming users and making sudo use an I/O logging plugin. https://www.sudo.ws/man/1.8.25/sudoers.man.html#I/O_LOG_FILES Regards, -- Jochen Bern Systemingenieur www.binect.de www.facebook.de/binect
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev