On 11/03/2018 06:08 PM, Kaushal Shriyan wrote:
> Are there any open source tools to keep track of ssh sessions? For example,
> if a specific user is ssh logging to remote server and what commands or
> scripts are being run. Basically, i need to log all users sessions.
Which part of the remote connection is the one you need audited? The
system(s) your users are ssh'ing *out* of, resp. the users themselves
("we need to review what our staff did to whatever customer system they
did support on"), the ones they're ssh'ing *into*, or just some subset
("privileged commands") of the activity on the latter?
For the last case, the use of individual accounts, "sudo", suitable
configurations(*), and the "sudoreplay" tool might give you out of the
box what OpenSSH alone would need to be heavily modified to do.
(*) Namely, making sshd log enough information to identify the incoming
users and making sudo use an I/O logging plugin.
https://www.sudo.ws/man/1.8.25/sudoers.man.html#I/O_LOG_FILES
Regards,
--
Jochen Bern
Systemingenieur
www.binect.de
www.facebook.de/binect
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
