Skip to main content Link Menu Expand (external link) Document Search Copy Copied
Aikes Docs

SSH Session logging

Option 1: scriptreplay

Via this page.

LOG_FILE="`date --date="today" "+%Y-%m-%d_%H-%M-%S"`_`whoami`"
LOG_DIR="/tmp/"

# Print a welcome message
echo ""
echo "NOTE: This SSH session will be recorded"
echo "AUDIT KEY: $LOG_FILE"
echo ""

# Wrap an interactive shell into "script" to record the SSH session
script -qf --timing=$LOG_DIR$LOG_FILE.time $LOG_DIR$LOG_FILE.data --command=/bin/bash

Force it when a user logs in with:

echo -e "\nForceCommand /usr/bin/ssh-logger" >> /etc/ssh/sshd_config

in the sshd_config. And then use this to replay:

scriptreplay --timing=2023-05-17_08-17-44_aike.time 2023-05-17_08-17-44_aike.data

Option 2: sudosh

Relevant link: Github This claims to be a continuation of the project: sudosh2 https://unix.stackexchange.com/questions/198936/how-to-log-all-things-that-happened-via-an-ssh-session

Defaults log_output Defaults!/usr/bin/sudoreplay !log_output Defaults!/sbin/reboot !log_output

Option 3: containerSSH

Website here, but unfortunately there is very little activity going on in the project at the moment.