SSH session logging / recording

October 10, 2010, 11:36 pm

If you want to implement a simple server-side SSH session logging, follow these simple steps.

“script” command can be used to log user activity. Then, we can send the session as email to several recipients, and remove the log file.

Add this to user’s .bash_profile file, or simply construct something similar:

CURDATE=$(date +%F-%T)
RAND=$RANDOM
 
EMAILS="user@example.com otherrecipient@example.com"
 
script -f -q /tmp/session-$USER-$CURDATE-$RAND.log
for EMAIL in $EMAILS; do
    cat "/tmp/session-$USER-$CURDATE-$RAND.log" | mail -s "SSH session transcript for $USER at $CURDATE" $EMAIL
done
rm -f /tmp/session-$USER-$CURDATE-$RAND.log
exit

Notes:

don’t assume it to be any security feature: the log file can be easily manipulated or removed by the user, a different shell can be used, etc.,
sending an email may not be a good idea if you expect lots of output (i.e. cat /dev/urandom).

Category: Uncategorized | Comment (RSS) | Trackback

WPKG Blog

SSH session logging / recording

Leave a Reply

Pages

Categories

Archives