-   Linux - Newbie (
-   -   How to watch SSH access (

Michael_Tze 02-22-2013 04:26 AM

How to watch SSH access

I have full root access on my server, and i give also root access for my admin tech, so he can install or modified anything as necessary,
My question how to watch in REALTIME what he is doing on the server, like install or modified anything.
In windows like teamviewer, i can watch what he is doing.

This is not because not trust my admin tech, just sometimes i want to see what is he doing, is there any wrong or not.

I hope anyone can show me how to do.
Thank you

RaviTezu 02-22-2013 04:40 AM

Do you mean in graphical mode?
If YES ..Short answer will be "TigerVNC".. Like Teamviewer you have to install this on your server.
If NO.. you can make use of some commands like "ps,top,w...etc"

---------- Post added 02-22-13 at 03:11 PM ----------

Here the Info. on tigerVNC.

Michael_Tze 02-22-2013 05:03 AM

Hi, thanks to answer,
Yes, i want to see in graphic mode, like UVNC or teamviwer.
And I had download TigerVNC.

Question using TigerVNC.
You must know, my admin tech use other computer, like laptop or anything PC in my office.
I'm forbid them, to add monitor or keyboard on the server (because i'm afraid my tech or other people make a problem like cable power cut or lan or anything which can make server down).

So i give my admin tech root password so, he can install or anything necessary.

My question is how to watch what he is doing, if my tech typing some code or anything.

Thank you
I hope you can help me..i'm very grateful about that.

RaviTezu 02-22-2013 05:45 AM

Ok. I need some information.
First, is graphical mode enabled on the server(which your admin is trying to access).

RaviTezu 02-22-2013 06:13 AM

Second, how the admin will access the server? Using command line interface or using some other application like VNC?

Michael_Tze 02-22-2013 07:35 AM

First I'm using centos 5.8 64Bit in TEXT Mode.
Second, The admin will using SSH to access the server, like using SecureCRT..etc.
Can you show me like log files or any files, my admin has been write or he is doing.
If i see in the history i just see command he type.
but in the vi command, i don't know what he is write in there.
or i don't know what files he is install or he is delete...etc.

I need to know, if he is install than give log what files, and if he is modified using vi or editor, will record command he is doing.

just for your information my server contain in sale online, there are so many product.
Once again, not because i don't trust my admin, but you know if we have employee, sometimes we must check what he does right ?

I hope you can help me.

Thank you for your help.

unSpawn 02-22-2013 09:19 AM

Please see

Michael_Tze 02-22-2013 10:43 PM

Can you give some explanation, i see still not clear for that.
Thank you

compassnet 02-22-2013 11:59 PM

Here's something that I use:

$ tail -f /var/log/messages

What that command does is output the last 10 lines of /var/log/messages and follows (-f) the changes, so for example, whenever I insert a USB Pendrive I see in real time what is happening, because it affects /var/log/messages. Sometimes the following fails (doesn't update), but I still need to check why (I don't think it's a bug but rather the log cycling).

I think this is what you want, so check the application called "screen". It might come handy for you if you want to follow multiple applications/log files:

screen1: $ tail -f /var/log/messages
screen2: $ tail -f /var/log/syslog
screen3: $ tail -f /var/log/secure

and so on.

Whatever program you want to follow in real time, just use the tail command above on the log file that your program generates, and also make sure you have read permissions for the file and you're done.


Michael_Tze 02-23-2013 01:25 AM

How if my admin typing some command using vi editor, is it the command still record in the log files ?

Thanks for your help

frieza 02-23-2013 01:37 AM

there is the 'history' command, and you COULD install a keylogger or ttysnoop perhaps(bad idea)

the real key that nobody here has mentioned is, why go through such lengths to babysit your admin, you should either trust him/her to obey your rules, or don't give them the keys to the car so to speak, and find someone you CAN trust.

whizje 02-23-2013 03:31 AM

You could ask (make a script to run) that is filled in with a short description what the access was for and which files are edited. If you are gonna use it for yourself to you got your own change management log.

Michael_Tze 02-23-2013 05:35 AM

Sure I'm agree to trust admin, but still not good enough for business, money can talk this make the problem, for now i can trust, but later no one knows what will be, not easy for me to find a trusted admin.
I'm sorry, if i can not trust 100% for admin, because i have experience for that.
That's why, I just need to record all he is doing(like type command, installing files, delete files etc).
I hope, anybody can help me to solve my problem.
I'm very grateful for that.
Once again, Thank you

compassnet 02-23-2013 06:04 AM


Originally Posted by Michael_Tze (Post 4897970)
How if my admin typing some command using vi editor, is it the command still record in the log files ?

Thanks for your help

That's a tricky question.

Elvis (vi clone) has the (sh) command. If you're in Elvis and type ":sh" you'll be sent to a shell, and from there I don't think .bash_history will log any commands.

Seems that in the end what you want is a keylogger for Linux. I can't help you with that. Search on google.


Michael_Tze 02-23-2013 06:10 AM

Is there any good websites where i can download keylogger, and how to install in centos 5.8 64bit ?
Thank you

All times are GMT -5. The time now is 08:13 AM.