Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Ubuntu 5.10 Breezy, Fedora Core 6, Mac OS X 10.4.8
Posts: 16
Rep:
Manage Open SSH sessions
Is there any way I can view/monitor sessions that have been made from an external source to my ssh server?
I know there are various ftp clients out there that support session monitoring which lists things like connect time, active downloads etc. I'm simply looking for an SSH equivalent of this.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Well the traffic is encrypted, so you're not supposed to know what they're doing... You can increase the log detail level, but that will reveal details like the user's passwords (if they use password authentication rather than public key).
Distribution: Ubuntu 5.10 Breezy, Fedora Core 6, Mac OS X 10.4.8
Posts: 16
Original Poster
Rep:
How would I go about increasing the log level detail? Is there a good log manager application you recommend so I don't have to manually go sifting through them?
Since the traffic itself is encrypted, but their shell is technically interacting with my hardware, can't i at least see what shares/files they may have open/be accessing?
Distribution: Ubuntu 5.10 Breezy, Fedora Core 6, Mac OS X 10.4.8
Posts: 16
Original Poster
Rep:
Although this post was made awhile back, I actually solved this issue and forgot to update the thread.
All commands than are run are actually stored in a file .bash_history in the users home directory.
The file only seems to store the last 1000 commands.
Running the command history dumps formatted output of this file. This file is user specific, so to get history of a specific users last bash commands first login to that user.
Hope that's helpful for any future readers who stumble over this.
Just remember that users can modify their histories or turn off history file accounting, so the method is not good for real security work. If you're that paranoid, you can enable BSD style process accounting but it's generally not enabled in the kernel so you might have to recompile your kernel to get it working.
Edit: actually I take that last part back. Apparently it's configured by default at least for centOS 9and I assume Fedora) and Ubuntu systems. Note sure about others.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
