Top Nav

SSH session logging

Add the following line to /etc/profile to setup full logging of all ssh sessions:

script -q /var/log/sessions/ssh-`date +%d-%M-%Y-%Hh-%Mm-%Ss`-`whoami`-$$.log && exit

Of course this is a security risk and violates user privacy.

  • E G

    script command will be visible with ps. This is not the way we want, because an attacker can easily find the log and just remove it right before leaving your place.
    I’ ve found a little better solution but it still needs some work.

  • I took a look at your approach .. seems valid but takes a good bit more work … guess it depends on how stealthy and long turn an implementation you’re looking for.