bergman on 25 Apr 2008 12:41:48 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] logging/tailing ssh sessions

In the message dated: Fri, 25 Apr 2008 14:56:48 EDT,
The pithy ruminations from "Mark Baker" on 
<[PLUG] logging/tailing ssh sessions> were:

=> I have a quick question.  If you want to watch an ssh session in real

A quick question that has no quick answers.

=> time is there an easy way to do this?  I=E2=80=99m thinking of a scenario
=>  where

Hmmm....if you're talking about "watching"' what someone with privileged access 
does, then the only thing I'd trust would be sniffing traffic at the network 
level, ie., configuring the network switch that connects to the server with 
port mirroring, and connecting another machine to that port as a passive tap. 
Alternatively, put in a hub between your network and the server, and attach a 
second machine to the hub to capture all the traffic.

=> you give temporary access to a vendor or another user, but you want to
=> keep an eye on what they are doing on the system.

Well....if you don't trust them, then don't give them any access...or at least 
not privileged access.

If you've got to give them acces, consider something like "sudosh", which can 
be configured to capture all the input & output of login sessions, and which 
can be used as the login shell.
(yes, the project is basically dead, but the software still works very well).

Mark "the other Mark"

=> Mark

Mark Bergman    Biker, Rock Climber, Unix mechanic, IATSE #1 Stagehand

I want a newsgroup with a infinite S/N ratio! Now taking CFV on:
15+ So Far--Want to join? Check out: 

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --