Hello,

I searched a lot over the internet to complete this requirement, but didn't find a solution yet. So, please help me !!.

Here is my requirement in short:
I just want to log all ssh commands at ssh-client machine that are being executed at the SSH server.

In other words: I know a brief history of all executed commands on a linux machine can be retrieved from "bash history". I would like to get this info available also at the ssh-client machine (if possible, with more details like timestamps).

I checked ssh-client configuration settings to see if it is possible to get those logs by modifying any variables. But, I didn't see anything there. By investigating more on this requirement, I guess it will be possible only if we do recompile SSH-client after modifying the code in order to log all the commands before it handover to ssh server.

Any ideas?. Anyone has fulfilled a requirement like this?. Any help will be appreciated.

Thanks in advance.

this is, as you've partially guessed, really not ssh's problem at all. it's bash that has the commands, not ssh. if you have a common /home partition and it's the same user account on both machines, then the bash history will be the same file on both machines, outside of that you probably need to define more about the architecture and end result you really want. for an overall better tracking method than bash history, try psacct to more formally account command execution.

Force the client to run its shell in a "wrapper" like Rootsh or Sudosh? What's the reason for wanting this BTW?

Thanks for your responses

Here are some more details about my requirement:
I am working in a web-hosting support company with over 300 employees. We have many big clients from all over the world. And all these clients have thousands to ten thousands of servers. Right now, we are logging into servers as per clients' procedures. We like to implement a standard procedure for the company to implement a 'keyserver' where all employees will log into client servers only via this keyserver. All the commands that each and every employees are trying to execute on customer servers should be logged into this keyserver. I should be able to track employee activities in such a way that if something wrong happened I can dig into these log files to see where it happened and by whom (not to hurt the employee, but to correct him ).

So "acid_kewpie", there is no chance of having same users on both machines. And no way to have same /home.

It is not possible to run any daemons on the server side. We should be able to achieve this only by modifying client side settings. Also, I don't want to run remote commands (from client side) to copy the bash history from the server.

Hey "unSpawn" I haven't used Rootsh/Sudosh yet. I'm not sure if that help me. Anyway, I will have a look at that.

Thanks again for your comments.

Any other choices???

i see what you mean. these boxes look to be doing that http://bmst.net/tech.htm http://www.balabit.com/network-security/scb/ but in an an architecture that doesn't match what you've directly requested. with as many systems as you have, you may be of a mind to have a proper bit of kit to what you're asking for and much more for a fee, rather than an opensource version...

Thanks for your reply and URLs.

what I'm looking here is for a help to modify the opensource software to suit my requirement.

Any other ideas???

Hi,

At last I found a simple way to do this. Of course, it is not a good way, but useful to an extend.

Try this:

ssh user@server.com | tee -ai logfile.log

This will log whatever you type on the server. The problem here is, "tee" will capture every inputs (it will capture even if you press arrow keys, backspace, tab key...... and will log it). So, if you open the log file you will see a lot of unreadable characters.

Using commands like "strings" or "col -b" you can remove unwanted characters to an extend, but not fully. A solution what I found here is to use "cat" to view the log file. (using "tail" also looks fine).


Regards,
Mohammed.