Date:      Sun, 19 Jun 2005 16:56:40 -0700
From:      Glenn Dawson <glenn@antimatter.net>
To:        Bill Moran <wmoran@potentialtech.com>, questions@freebsd.org
Subject:   Re: Detailed logging of ssh sessions
Message-ID:  <6.1.0.6.2.20050619165543.084b2b70@cobalt.antimatter.net>
In-Reply-To: <20050619113849.3ae5cbad.wmoran@potentialtech.com>
References:  <20050619113849.3ae5cbad.wmoran@potentialtech.com>

At 08:38 AM 6/19/2005, Bill Moran wrote:

>I've been researching this, and so far haven't found a way to do what I
>want to do.
>
>I have servers here and there, that should only be accessible by a limited
>number of administrators via ssh (i.e. mail and web servers, firewalls).
>
>As an added security measure, I'd like to start logging everything that
>happens during any ssh login (since all our work on these machines is
>via ssh).  I understand, and frequently use script(1), but I want this
>to be required.  I have two goals:
>1) If someone manages to guess a password and break in, I want a log
>    of what they're doing.
>2) I want 100% guarantee that everything we do is recorded, to make
>    future debugging of configuration mistakes easier.
>
>I've been researching sshd, and it doesn't seem as if it has this
>capability.  Web searches have not yet turned up anything ... I'm guessing
>I'm not searching for the right phrases, since I can't believe I'm the
>only one doing this.
>
>Any advice or pointers are welcome.

This looks like it might do the trick for you:
http://honeypots.sourceforge.net/modified_script.html

-Glenn


>--
>Bill Moran
>Potential Technologies
>http://www.potentialtech.com
>_______________________________________________
>freebsd-questions@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"



