Log SSH activity

All, I have an Ubuntu host that accepts SSH connections. How can I log all commands that are run on a specific account that logs in via SSH?

Thanks

4 Answers

Maybe you can make sshd use a logging shell like rootsh?

You can try with snoopy. After you install it, will logs all input command that calls execve to syslog. you'll only find it in the repos for hardy and precise.

You can install it from here.

I don't think SSHD logs commands while the user is logged in.

you can check who logged in by checking

/var/log/auth.log

and cross reference it to their history

/home/sshuser/.bash_history

history will have commands local or remote though.

I have a similar problem and wrote the tool log-user-session which stores all shell output into a root-only accessible session log file. It can be enabled via forced command on sshd_conf or ~/.ssh/authorized keys (see documentation).

Fame Burst

4 Answers

Your Answer

Sign up or log in

Post as a guest

You Might Also Like

Is there a difference between map chat and team chat in WvW in Guild Wars 2?

Does stealing via "Mug" also count towards the Talent for Acquisition trophy?

What does "zoning" mean for fighting games?

Is there no other way to remove the "7 day purchase" market ban other than spending money?